Introduction
WebEdition CMS is an open source CMS written in PHP that seems to be mostly used by german websites. It came to our attention a few months ago, because another party performed an audit on it and came up with some vulnerabilities. Because we always look for nice PHP bugs for our own PHP and web security trainings we had a very quick look into it and were able to find a number of vulnerabilites that we disclosed to the vendor.
The most serious vulnerability that we discovered was a remote PHP code execution vulnerability that we discussed in a previous blog entry. Because the disclose process took a while for the previous vulnerability we accidentally spend a bit more time in the code and realized a vulnerability in their handling of UPDATE and INSERT by some helper functions they use. This vulnerability allows for SQL injections into UPDATE/INSERT SQL statements that make use of these helper functions. The vendor incorporated a fix for this vulnerability into the release of WebEdition 6.3.8-s2. Unfortunately the vendor was very hard to work with and they decided to not ask us for help or review of their fixes. Therefore as you will learn at the end of this blog posting their fix is incomplete.
more here..........https://www.sektioneins.de/en/blog/14-09-07-webedition-sql-injection-vulnerability.html
WebEdition CMS is an open source CMS written in PHP that seems to be mostly used by german websites. It came to our attention a few months ago, because another party performed an audit on it and came up with some vulnerabilities. Because we always look for nice PHP bugs for our own PHP and web security trainings we had a very quick look into it and were able to find a number of vulnerabilites that we disclosed to the vendor.
The most serious vulnerability that we discovered was a remote PHP code execution vulnerability that we discussed in a previous blog entry. Because the disclose process took a while for the previous vulnerability we accidentally spend a bit more time in the code and realized a vulnerability in their handling of UPDATE and INSERT by some helper functions they use. This vulnerability allows for SQL injections into UPDATE/INSERT SQL statements that make use of these helper functions. The vendor incorporated a fix for this vulnerability into the release of WebEdition 6.3.8-s2. Unfortunately the vendor was very hard to work with and they decided to not ask us for help or review of their fixes. Therefore as you will learn at the end of this blog posting their fix is incomplete.
more here..........https://www.sektioneins.de/en/blog/14-09-07-webedition-sql-injection-vulnerability.html