# Exploit Title: Esselbach Storyteller CMS System Version 1.8 [page.php] Remote SQL Injection Vulnerability # Date: March, 9th 2011 [GMT +7] # Author: Shamus # Software Link: http://www.esselbach.com/ # Version : Esselbach Storyteller CMS System Version 1.8 # Tested on: windows # CVE : - ----------------------------------------------------------------------------------------- Esselbach Storyteller CMS System Version 1.8 [page.php] Remote SQL Injection Vulnerability ----------------------------------------------------------------------------------------- Author : Shamus Date : March, 9th 2011 [GMT +7] Location : Solo && Jogjakarta, Indonesia Web : http://antijasakom.net/forum Critical Lvl : Moderate Impact : Exposure of sensitive information Where : From Remote --------------------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~ Application : Esselbach Storyteller CMS System Version : Esselbach Storyteller CMS System Version 1.8 Vendor : esselbach Download : http://www.esselbach.com/page5.html Description : Storyteller CMS is a powerful Content Management System written in the PHP scripting language and designed for high traffic websites. It supports up to 99 websites in the same database and is ready for the next MySQL generation with InnoDB tables. -------------------------------------------------------------------------- Vulnerability: ~~~~~~~~~~~ A weakness has been discovered Esselbach Storyteller CMS System. Where an attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. This vulnerability identified in the path "page.php". PoC/Exploit: ~~~~~~~~~ SQL injection vulnerability affects: http://localhost.com/page.php?id=[Injection Query] Dork: ~~~~ Google : powered by Esselbach Storyteller CMS System Version 1.8 Solution: ~~~~ - Your script should filter metacharacters from user input. - Edit the source code to ensure that input is properly verified. Timeline: ~~~~~~ - 01 - 03 - 2011 bug found - 02 - 03 - 2011 vendor contacted and response [asked about the detail attack] - 03 - 03 - 2011 still contacted vendors - 04 - 03 - 2011 vendors have released patches [http://www.contentteller.com/forums/threads/security-sql-injection-vulnerability-in-storyteller-cms.1148/] - 09 - 03 - 2011 Advisories release --------------------------------------------------------------------------- Shoutz: ~~~~~~ oO0::::: Greetz and Thanks: :::::0Oo. Tuhan YME My Parents SPYRO_KiD K-159 lirva32 newbie_campuz And Also My LuvLy wife : ..::.E.Z.R (The deepest Love I'v ever had..).::.. in memorial : 1. Monique 2. Dewi S. 3. W. Devi Amelia 4. S. Anna oO0:::A hearthy handshake to: :::0Oo ~ Crack SKY Staff ~ Echo staff ~ antijasakom staff ~ jatimcrew staff ~ whitecyber staff ~ lumajangcrew staff ~ devilzc0de staff ~ unix_dbuger, boys_rvn1609, jaqk, byz9991, bius, g4pt3k, anharku, wandi, 5yn_4ck, kiddies, bom2, untouch, antcode ~ arthemist, opt1lc, m_beben, gitulaw, luvrie, poniman_coy, ThePuzci, x-ace, newbie_z, petunia, jomblo.k, hourexs_paloer, cupucyber, kucinghitam, black_samuraixxx, ucrit_penyu, wendys182, cybermuttaqin ~ k3nz0, thomas_ipt2007, blackpaper, nakuragen, candra, dewa ~ whitehat, wenkhairu, Agoes_doubleb, diki, lumajangcrew a.k.a adwisatya a.k.a xyberbreaker, wahyu_antijasakom ~ Cruz3N, mywisdom,flyff666, gunslinger_, ketek, chaer.newbie, petimati, gonzhack, spykit, xtr0nic, N4ck0, assadotcom, Qrembiezs, d4y4x, gendenk, si bD, Jimmy Deadc0de, Rede Deadc0de ~ All people in SMAN 3 ~ All members of spyrozone ~ All members of echo ~ All members of newhack ~ All members of jatimcrew ~ All members of Anti-Jasakom ~ All members of whitecyber ~ All members of Devilzc0de ~ All members of Kaskus - "Especially Regional Solo Kaskus" #e-c-h-o, #K-elektronik, #newhack, #Solohackerlink, #YF, #defacer, #manadocoding, #jatimcrew, #antijasakom, #whitecyber, #devilzc0de --------------------------------------------------------------------------- Contact: ~~~~~~~~ Shamus : Shamus@antijasakom.net Homepage: https://antijasakom.net/forum/viewtopic.php?f=38&t=713 -------------------------------- [ EOF ] ----------------------------------