ZLDNN DNNArticle for DotNetNuke 'categoryid' Parameter SQL Injection Vulnerability

Vulnerability ID: 1121819
Vulnerability type: SQL injection
Published: 2013-08-15
Updated: 2013-08-15
CVE ID: CVE-2013-5117
CNNVD-ID: CNNVD-201308-247
Platform: PHP
CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/27602
https://www.securityfocus.com/bid/61788
https://cxsecurity.com/issue/WLB-2014030092
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201308-247
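|Vulnerability details
DotNetNuke (DNN) is an open-source content management system (CMS) from the US company DNN, supported by Microsoft and built on the ASP.NET platform. ZLDNN DNNArticle is a module for it that manages articles, news and similar content. The RSS page (DNNArticleRSS.aspx) in versions 10.0 and earlier of the ZLDNN DNNArticle module for DotNetNuke has an SQL injection vulnerability. A remote attacker can exploit it through the categoryid parameter to execute arbitrary SQL commands.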
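A log check for this issue, as an added example that is not part of the original advisory or the vendor's code: it scans IIS W3C log lines for requests to the RSS page whose categoryid is not a plain integer. It assumes categoryid is meant to be an integer ID; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

RSS_PAGE = "/desktopmodules/dnnarticle/dnnarticlerss.aspx"  # path from the advisory
INT_RE = re.compile(r"[+-]?\d+")  # assumption: categoryid is meant to be an integer ID

def bad_categoryids(stem, query):
    """Return categoryid values in a request to the RSS page that are not plain integers."""
    if stem.lower() != RSS_PAGE:
        return []
    # parse_qsl decodes %XX and '+'; keep_blank_values so 'categoryid=' is seen too
    pairs = parse_qsl(query, keep_blank_values=True)
    return [v for k, v in pairs
            if k.lower() == "categoryid" and not INT_RE.fullmatch(v.strip())]

def scan_w3c(lines):
    """Yield (client_ip, value) for each suspicious categoryid in IIS W3C log lines."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        stem = row.get("cs-uri-stem", "")
        for value in bad_categoryids(stem, "" if query == "-" else query):
            yield row.get("c-ip", "?"), value

# Constructed sample log (documentation addresses). The last two entries have the
# query-string shape of the PoC quoted in the advisory, plain and percent-encoded.
SAMPLE = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2013-08-15 10:00:01 192.0.2.10 GET /DesktopModules/DNNArticle/DNNArticleRSS.aspx moduleid=381&categoryid=12 200
2013-08-15 10:00:02 192.0.2.10 GET /Default.aspx categoryid=abc 200
2013-08-15 10:00:07 198.51.100.7 GET /desktopmodules/dnnarticle/dnnarticlerss.aspx moduleid=0&categoryid=1+or+1=@@version 500
2013-08-15 10:00:09 198.51.100.7 GET /desktopmodules/dnnarticle/dnnarticlerss.aspx moduleid=0&CategoryID=1%20or%201%3D%40%40version 200
""".splitlines()

if __name__ == "__main__":
    for ip, value in scan_w3c(SAMPLE):
        print(f"{ip} categoryid={value!r}")
```

The same integer check, applied server-side before the value reaches a query, is the input-validation counterpart of this detection; the vendor's fix is referenced in the solution link.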
|Exploit
Title: DotNetNuke (DNNArticle Module) SQL Injection Vulnerability
References: CVE-2013-5117
Discovered by: Sajjad Pourali

Vendor: http://www.zldnn.com/ , http://www.dnnarticle.com/
Vendor advisory: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket ID: #2979)
Vendor contact: 2013-8-14

Solution: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket ID: #2979)
 
Remote: yes
Authentication required: no
User interaction required: no
Impact: High
 
Affected:

 - DNNArticle 10.0 and earlier

---

PoC:

http://server/desktopmodules/dnnarticle/dnnarticlerss.aspx?moduleid=0&categoryid=1+or+1=@@version
 
---
 
 + Sajjad Pourali
 + http://www.securation.com/
 + http://www.cert.um.ac.ir/
 + Contact: sajjad[at]securation.com
|References

Source: www.zldnn.com
Link: http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx
Source: BID
Name: 61788
Link: http://www.securityfocus.com/bid/61788
Source: EXPLOIT-DB
Name: 27602
Link: http://www.exploit-db.com/exploits/27602
Source: FULLDISC
Name: 20130902 DotNetNuke (DNNArticle Module) SQL Injection Vulnerability
Link: http://seclists.org/fulldisclosure/2013/Sep/9
Source: OSVDB
Name: 96306
Link: http://osvdb.org/96306