Esselbach Storyteller CMS System 1.8 - SQL Injection

EDB-ID:

16948

CVE:



Author:

Shamus

Type:

webapps


Platform:

PHP

Date:

2011-03-09


# Exploit Title: Esselbach Storyteller CMS System Version 1.8 [page.php] Remote SQL Injection Vulnerability
# Date: March, 9th 2011 [GMT +7]
# Author: Shamus
# Software Link: http://www.esselbach.com/
# Version : Esselbach Storyteller CMS System Version 1.8
# Tested on: windows
# CVE : -

-----------------------------------------------------------------------------------------
Esselbach Storyteller CMS System Version 1.8 [page.php] Remote SQL Injection Vulnerability
-----------------------------------------------------------------------------------------

Author : Shamus
Date : March, 9th 2011 [GMT +7]
Location : Solo && Jogjakarta, Indonesia
Web : http://antijasakom.net/forum
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------



Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Esselbach Storyteller CMS System
Version : Esselbach Storyteller CMS System Version 1.8
Vendor : esselbach
Download : http://www.esselbach.com/page5.html
Description :  Storyteller CMS is a powerful Content Management System written in the PHP scripting language and designed for high traffic websites. 
It supports up to 99 websites in the same database and is ready for the next MySQL generation with InnoDB tables.
--------------------------------------------------------------------------



Vulnerability:
~~~~~~~~~~~~
A weakness has been discovered Esselbach Storyteller CMS System.
Where an attacker may execute arbitrary SQL statements on the vulnerable system. 
This may compromise the integrity of your database and/or expose sensitive information.
This vulnerability identified in the path "page.php".


PoC/Exploit:
~~~~~~~~~~
SQL injection vulnerability affects:
http://localhost.com/page.php?id=[Injection Query]

Dork:
~~~~~
Google : powered by Esselbach Storyteller CMS System Version 1.8

Solution:
~~~~~
- Your script should filter metacharacters from user input.
- Edit the source code to ensure that input is properly verified.


Timeline:
~~~~~~~
- 01 - 03 - 2011 bug found
- 02 - 03 - 2011 vendor contacted and response [asked about the detail attack]
- 03 - 03 - 2011 still contacted vendors
- 04 - 03 - 2011 vendors have released patches [http://www.contentteller.com/forums/threads/security-sql-injection-vulnerability-in-storyteller-cms.1148/]
- 09 - 03 - 2011 Advisories release
---------------------------------------------------------------------------



Shoutz:
~~~~~~~
oO0::::: Greetz and Thanks: :::::0Oo.
Tuhan YME
My Parents
SPYRO_KiD
K-159
lirva32
newbie_campuz

And Also My LuvLy wife :
..::.E.Z.R (The deepest Love I'v ever had..).::..

in memorial :
1. Monique
2. Dewi S.
3. W. Devi Amelia
4. S. Anna

oO0:::A hearthy handshake to: :::0Oo
~ Crack SKY Staff
~ Echo staff
~ antijasakom staff
~ jatimcrew staff
~ whitecyber staff
~ lumajangcrew staff
~ devilzc0de staff
~ unix_dbuger, boys_rvn1609, jaqk, byz9991, bius, g4pt3k, anharku, wandi, 5yn_4ck, kiddies, bom2, untouch, antcode
~ arthemist, opt1lc, m_beben, gitulaw, luvrie, poniman_coy, ThePuzci, x-ace, newbie_z, petunia, jomblo.k, hourexs_paloer, cupucyber, kucinghitam, black_samuraixxx, ucrit_penyu, wendys182, cybermuttaqin
~ k3nz0, thomas_ipt2007, blackpaper, nakuragen, candra, dewa
~ whitehat, wenkhairu, Agoes_doubleb, diki, lumajangcrew a.k.a adwisatya a.k.a xyberbreaker, wahyu_antijasakom
~ Cruz3N, mywisdom,flyff666, gunslinger_, ketek, chaer.newbie, petimati, gonzhack, spykit, xtr0nic, N4ck0, assadotcom, Qrembiezs, d4y4x, gendenk, si bD, Jimmy Deadc0de, Rede Deadc0de
~ All people in SMAN 3
~ All members of spyrozone
~ All members of echo
~ All members of newhack
~ All members of jatimcrew
~ All members of Anti-Jasakom
~ All members of whitecyber
~ All members of Devilzc0de
~ All members of Kaskus - "Especially Regional Solo Kaskus"
#e-c-h-o, #K-elektronik, #newhack, #Solohackerlink, #YF, #defacer, #manadocoding, #jatimcrew, #antijasakom, #whitecyber, #devilzc0de
---------------------------------------------------------------------------



Contact:
~~~~~~~~~
Shamus : Shamus@antijasakom.net
Homepage: https://antijasakom.net/forum/viewtopic.php?f=38&t=713
-------------------------------- [ EOF ] ----------------------------------