Already discovered 01/2008. http://packetstormsecurity.org/0801-exploits/360-sql.txt 904cc6b6c4da1afe893909ea684ba118 360 Web Manager version 3.0 suffers from a SQL injection vulnerability. Authored By <a href="mailto:innos_got[at]rambler.ru";>Ded MustD!e</a>
On Tue, May 25, 2010 at 07:47:45PM +0200, [email protected] wrote: > Vulnerability ID: HTB22379 > Reference: > http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_360_web_manager_1.html > Product: 360 Web Manager > Vendor: 360 Web Manager > Vulnerable Version: 3.0 > Vendor Notification: 10 May 2010 > Vulnerability Type: SQL Injection > Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response > Risk level: Medium > Credit: High-Tech Bridge SA (http://www.htbridge.ch/) > > Vulnerability Details: > The vulnerability exists due to failure in the > "/adm/content/webpages/webpages-form-led-edit.php" script to properly > sanitize user-supplied input in "IDFM" variable. Attacker can alter queries > to the application SQL database, execute arbitrary queries to the database, > compromise the application, access or modify sensitive data, or exploit > various vulnerabilities in the underlying SQL database. > > Attacker can use browser to exploit this vulnerability. The following PoC is > available: > > http://host/adm/content/webpages/webpages-form-led-edit.php?IDFM=-1+ANY_SQL_HERE+--+ > >
