I. BACKGROUND -------------- Flynax is a software development company which produces several CMSs to mantain different kinds of classifieds websites. II. DESCRIPTION ---------------- Nasel members discovered a critical vulnerability in the front-end of these products. The vulnerability is an SQL injection in the advanced search, specifically in the "f[city]" parameter located at following files: - General Classifieds Software: dealers.html, - Real Estate Classifieds: agents-realtors.html. - Auto Classifieds Script: dealers.html - Pets Classifieds Software: dealers.html Exploiting this vulnerability can lead to a full disclosure of the database. III. AFFECTED PRODUCTS ----------------------- - General Classifieds Software 3.2 - Auto Classifieds Script 3.2 - Real Estate Classifieds 3.2 - Pets Classifieds Software 3.2 IV. PoC ------------
Injection:
The name of the admin users table can differ depending on the product's version. V. CREDITS ----------- This vulnerability was found by the Nasel Penetration Testing team formed by: - Alessandri, Santiago (salessandri [at] nasel [dot] com [dot] ar) - Benencia, Raul (rbenencia [at] nasel [dot] com [dot] ar) - Fontanini, Matias (mfontanini [at] nasel [dot] com [dot] ar) - Traberg, Carlos Gaston (gtraberg [at] nasel [dot] com [dot] ar) VI. ADVISORY INFORMATION ------------------------- 2011-09-15 ========== Vulnerability Found. Vendor notification. Scheduled advisory release on September 25th, 2011. 2011-09-17 ========== Vendor replied that the problem was fixed. 2011-09-25 ========== Advisory released. -- Nasel Penetration Testing Team http://www.nasel.com.ar