Chengdu Bureau of Commerce - SQL Injection Vulnerability

References:

http://www.vulnerability-lab.com/get_content.php?id=312

——————–

Introduction:

May 20, by my bureau composed of 10 members, participated in by the Chinese Cycling Association, Chengdu Sports Bureau, Chong City People's Government's second bike fans in Chengdu, China Fitness Festival Second station (Chong City) match. Team members promote unity and cooperation, work hard, beyond the spirit of self, fully demonstrating the business outlook of the bureau team has achieved good results ever, won the Chengdu-class team of 28 community agencies large group of 5 km Team finished sixth.

(Copy of the Vendor Homepage: http://www.cdmbc.gov.cn/detail.php?tid=236657 )

——————–

Abstract:

The Vulnerability Laboratory Research Team discovered a critical SQL Injection Vulnerability in the Chengdu Bureau of Commerce website.

——————–

Report-Timeline:

2011-11-08:        Vendor Notification

2011-11-09:        Vendor Response/Feedback

2012-04-19:        Vendor Fix/Patch

2011-04-20:        Public or Non-Public Disclosure

——————–

Exploitation-Technique:

Remote

——————–

Severity:

Critical

——————–

Details:

A SQL Injection vulnerability is detected on the Chinese Academy Of Governance website. The vulnerability is located in the list.php file, which processes requests containing an unsanitized cid parameter value. Remote attackers and privileged user accounts can inject and execute their own SQL commands to compromise the affected application DBMS.

Vulnerable Module(s):

[+] list.php – CID

——————–

Proof of Concept:

The SQL Injection vulnerability can be exploited by remote attackers without user interaction. For demonstration or reproduce …

Site:                      www.cdmbc.gov.cn/ist.php?cid=

Path:                     /ist.php?cid=

File:                       list.php?cid=

Value:                  ?cid=[SQL Injection]

——————–

Solution:

CLOSED BY COORDINATION OF CHINA NATIONAL VULNERABILITY DATABASE FOR INFORMATION SECURITY (CNNVD PARTNERS).
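
The advisory does not describe the vendor's fix. As an added example (not the vendor's code and not part of the original advisory), one way to close this class of bug in a list.php-style handler is strict validation of cid plus a bound parameter. It assumes cid is a numeric category id and a MySQL backend reached through PDO; the table, columns, DSN and credentials are hypothetical placeholders.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical hardened handler for a list.php-style page.
// Table/column names, DSN and credentials are placeholders (assumptions).

/** Return cid as a positive integer, or null if it is anything else. */
function parse_cid(mixed $raw): ?int
{
    // Rejects arrays (cid[]=...), signs, whitespace, quotes and overlong input.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $cid = (int) $raw;
    return $cid > 0 ? $cid : null;
}

function fetch_articles(PDO $db, int $cid): array
{
    // The flawed pattern the advisory describes builds the query from the raw
    // parameter, e.g. "SELECT ... WHERE cid = " . $_GET['cid'].
    // Here the value is bound, so it is never parsed as SQL text.
    $stmt = $db->prepare(
        'SELECT id, title FROM articles WHERE cid = :cid ORDER BY id DESC LIMIT 50'
    );
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$cid = parse_cid($_GET['cid'] ?? null);
if ($cid === null) {
    http_response_code(400);   // fail closed without exposing database errors
    exit('Invalid category id');
}

$db = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'app_ro', 'PLACEHOLDER', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // use server-side prepared statements
]);

foreach (fetch_articles($db, $cid) as $row) {
    echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

Connecting with a database account limited to SELECT on the tables this page reads bounds the impact if another injection point is missed.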

——————–

Risk:

The security risk of the remote SQL Injection vulnerability is estimated as critical.

——————–

Credits:

Vulnerability Research Laboratory – Chokri Ben Achor (meister@vulnerability-lab.com) & Benjamin Kunz mejr (rem0ve@vulnerability-lab.com)

Date:

=====

2012-04-23

VL-ID:

=====

312

Status:

========

Published
