what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

MBLS Flex CMS 0.7.2 SQL Injection / Cross Site Scripting

MBLS Flex CMS 0.7.2 SQL Injection / Cross Site Scripting
Posted Feb 24, 2017
Authored by Bilal Kardadou

MBLS Flex CMS version 0.7.2 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | de8bbf8970714b308b02a1c4bb5001ad45d1ad6812f661ed24075e53393fe863

MBLS Flex CMS 0.7.2 SQL Injection / Cross Site Scripting

Change Mirror Download
Title: SQL injection & Cross-site scripting in CMS Flex
Credit: Bilal KARDADOU
Vulnerability: SQL injection & Cross-Site scripting
Vulnerable version: Flex Version 0.7.2
Vendor: MBL Solutions Ltd
Vendor URL: http://www.mblsolutions.co.uk/
Product: FLEX CMS "THE INTUITIVE CONTENT MANAGEMENT SYSTEM"
Product URL: http://www.mblsolutions.co.uk/content-management-system.html



Product & Service Introduction:
===============================
MBLS Flex, is our own easy to use Content Management System (CMS).

Feature rich and reliable, itas being used by some of the UKas biggest
brands. It uses a simple approach to create pages or edit content and
pictures throughout the site.

MBLS Flex then does the hard bit and converts this into code for you. So it
takes literally minutes to make amends.

(Copy of the Vendor Homepage:
http://www.mblsolutions.co.uk/content-management-system.html )


Technical Details & Description:
================================
A remote sql injection web vulnerability has been discovered in the
official Flex CMS Version 0.7.2 content management system.
The web vulnerability allows remote attackers to execute own malicious sql
commands to compromise the application or dbms.

The sql injection vulnerability is located in the `email` parameter of the
`email=admin@exemple` module POST method request.
Remote attackers are able to execute own sql commands by usage of an
insecure POST method request through the vulnerable
parameter of the own application. The attack vector of the vulnerability is
application-side and the request method to
inject is POST. The security vulnerability in the content management system
is a classic select remote sql-injection.


http://www.TARGET.com/admin/index.php
email='[SQL injection] & [Cross-site scripting]&password=admin&login=login

Security Risk:
==============
The security risk of the sql-injection vulnerability in the Flex CMS
web-application is estimated as high.



---tables from database ---
select datacapture_fields
select datacapture_field_options
select datacapture_field_types
select datacapture_forms
select flex_components
select flex_config
select flex_content
select flex_menus
select flex_menu_items
select flex_positions
select flex_sections
select flex_statistics
select flex_templates
select flex_users
select photogallery_albums
select photogallery_config
select photogallery_images
select search_config
select search_statistics

---PoC---
http://prntscr.com/ebloz4
http://prntscr.com/eblq5g
http://prntscr.com/eblsv8
http://prntscr.com/ebltf8
http://prntscr.com/eblu5r

Bilal KARDADOU - ( https://www.linkedin.com/in/bilal-kardadou-21a000127)
--
*Bilal Kardadou*
IT Security Consultant
*E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close