Web Technology Hut: CVE-2014-9558 SmartCMS Multiple SQL Injection Security Web Application Zero Day Bug

CVE-2014-9558 SmartCMS Multiple SQL Injection Security Web Application Zero Day Bug

Exploit Title: Smartwebsites SmartCMS v.2 Multiple SQL Injection Security Vulnerabilities
Product: SmartCMS v.2
Vendor: Smartwebsites
Vulnerable Versions: v.2
Tested Version: v.2
Advisory Publication: Jan 22, 2015
Latest Update: Jan 22, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
CVE Reference: CVE-2014-9558
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

Advisory Details:

(1) Vendor & Product Description

Vendor:
Smartwebsites

Product & Version:
SmartCMS
v.2

Vendor URL & Download:

http://www.smartwebsites.com.cy/index.php?pageid=13&lang=en

Product Description:

“SmartCMS is one of the most user friendly and smart content management systems there is in the Cyprus market. It makes the content management of a webpage very easy and simple, regardless of the user's technical skills. When we designed the SmartCMS - Online Content Management System, we had you, the user, in mind. We have put ourselves in your shoes and wandered what would be like to have a simple, yet powerful system that would make the update of a website something fun to do. And here we are now! 6 years passed since the first release of SmartCMS. Now it is a popular and successful system which helps many companies become more competitive and successful online. The SmartCMS systems comes with a batch of useful tools and modules which make your online content management experience enjoyable, while increasing your productivity instantly.

SmartCMS offers you the following:

One complete solution for the content management of your website.

Professional design.

Minimal running cost.

Maximum security and scalability.

Unlimited number of pages, images and files.

Complete control over your website, without the need for specialized technical skills and without any dependencies on third party.

Support for multiple languages.

Quality and reliable professional customer support.

Improved customer service.”

(2) Vulnerability Details:

SmartCMS web application has a computer cyber security bug problem. Hacker can exploit it by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. SmartCMS has patched some of them. CXSECurity is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. It also publishes suggestions, advisories, solutions details related to SQL Injection vulnerabilities and cyber intelligence recommendations.

(2.1) The first code flaw occurs at “index.php?” page with “pageid” “lang” multiple parameters.

(2.2) The second code flaw occurs at “sitemap.php?” page with “pageid” “lang” multiple parameters.