The vulnerabilities allow a remote attacker or a local low-privileged user account to execute SQL commands on the affected application DBMS. The vulnerabilities are located in the responder, preview, pages, navlinks, contacts, register and index modules with the bound vulnerable id & form_id parameters. Successful exploitation of the vulnerability results in DBMS & application compromise. Exploitation requires no user interaction and no privileged user account.
A persistent input validation vulnerability is detected in the Omnistar Mailer v7.2 Email Marketing Software. The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent). The persistent vulnerability is located in the Create Website Forms module with the bound vulnerable form name parameters. Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent) context manipulation. Exploitation requires low user interaction and a privileged user account.
Vulnerable Section(s):
[+] Customise Interface -> Create Website Forms
Vulnerable Module(s):
[+] Create Standard Registration Form -> Add form
Vulnerable Parameter(s):
[+] Form Name
Proof of Concept:
The SQL injection vulnerabilities can be exploited by remote attackers without user interaction. For demonstration or to reproduce ...
--- SQL Exception ---
SQL error (You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right syntax to use near ''9''' at line 3)
in (
select navname,form_id,auto_subscribe,approve_members,confirm_email,signup_redirect,email_forward
from mailer75_navlinks
where nav_id='9''
)
The persistent input validation vulnerability can be exploited by remote attackers with low required user interaction and a low-privileged user account. For demonstration or to reproduce ...
The attacker creates a form and inserts their own malicious JavaScript or HTML code in the "form name" field. To create the form, the attacker goes to Customise Interface -> Create Website Forms -> Create Standard Registration Form -> Add form, then injects the malicious script code, e.g. <iframe src=www.vuln-lab.com onload=alert("VL")/>. When a user browses the forms page in the control panel, or any user tries to register for the website, the persistently injected script code is executed out of the web application context.
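The two fixes implied by the proof of concept above, as an added example that is not part of the advisory and not Omnistar Mailer code: the nav_id lookup with a validated, bound parameter next to the concatenated form that produced the SQL exception, and output encoding for the stored Form Name. Python with sqlite3 stands in for the application's MySQL backend; the reduced table layout, the function names and the sample row are assumptions made for illustration.

```python
import html
import sqlite3


def make_db():
    """Constructed stand-in for the mailer75_navlinks table seen in the SQL exception."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailer75_navlinks "
               "(nav_id INTEGER PRIMARY KEY, navname TEXT, form_id INTEGER)")
    db.execute("INSERT INTO mailer75_navlinks VALUES (9, 'Signup', 3)")  # constructed row
    return db


def lookup_concatenated(db, nav_id):
    """'Before' pattern: the request value becomes part of the SQL text,
    so a stray quote changes the statement and surfaces as a syntax error."""
    sql = ("select navname, form_id from mailer75_navlinks "
           "where nav_id='" + nav_id + "'")
    return db.execute(sql).fetchall()


def lookup_parameterized(db, nav_id):
    """Hardened pattern: accept only ASCII digits, then bind the value
    so it can never be parsed as SQL."""
    if not (nav_id.isascii() and nav_id.isdigit()):
        return []  # reject instead of passing the value to the DBMS
    return db.execute(
        "select navname, form_id from mailer75_navlinks where nav_id = ?",
        (int(nav_id),),
    ).fetchall()


def render_form_name(form_name):
    """Encode the stored Form Name on output so markup is displayed as text."""
    return '<td class="form-name">' + html.escape(form_name, quote=True) + "</td>"


if __name__ == "__main__":
    db = make_db()
    print(lookup_parameterized(db, "9"))    # normal request
    print(lookup_parameterized(db, "9'"))   # value from the advisory: rejected
    try:
        lookup_concatenated(db, "9'")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
    print(render_form_name('<iframe src=www.vuln-lab.com onload=alert("VL")/>'))
```

The same validation and binding applies to every id and form_id parameter in the modules the advisory lists, and the encoding applies wherever the form name is rendered, both in the control panel and on the public registration page.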
Disclosure Timeline:
2012-10-01: Public or Non-Public Disclosure