Ivan Marković

Security consultant and researcher

Long experience in designing and implementation of security solutions, mainly oriented on web, mobile and embedded applications. Author of penetration testing tools, recognized by OWASP organization and BackTrack Linux distribution. Researching work includes discovery of vulnerabilities of numeral applications and services, and for these, author received public apreciations by Microsoft Company..

Contact via Linkedin or read interesting staff on Twitter.

SD Studio CMS SQL Injection Vulnerabilities

|| Security Net Advisory #D.24.7.06.a

Title : SD Studio CMS SQL injection
Impact : Manipulation of data
Type   : Remote
Vendor :
- Url    : http://www.sdstudio.co.yu/
- Status : Vendor was first contacted on 24.7.2006.

|| Vulnerability

Input passed to the "news_id", "tid" and "page_id" parameter in "index.php" isn't properly filtered before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

|| Examples:

index.php?news_id=[SQL]&plugin=news&plugin_view=news_details&tid=25
index.php?news_id=40&plugin=news&plugin_view=news_details&tid=[SQL]
index.php?page_id=[SQL]

|| Solution:

Edit the source code to ensure that input is properly filtered.

|| Contact

Author : Ivan Markovic
Site   : www.security-net.biz

http://security-net.biz/adv/D24706a.txt
http://www.securityfocus.com/bid/19173/info
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3919