PhoenixCMS 3.0 Articles.CFM - Possible SQL Vulnerability FIX.

[Sledmore]

Hey guys,

Well, I really like PhoenixCMS 3.0 and I use it now cause of XaddoUSA, and we got told there were an SQL injection exploit. And I've asked Aaron himself if it would work to run a command he said no but this was a day later, I fixed this earlier to set the error to only allow the format of numeric.

I'm no ColdFusion expert, but this should work got the patches from Adobe.​

Anyways a simple fix, find the following:

<cfquery name="ThisStory" datasource="#DSN#">
		SELECT *
		FROM cms_news
		WHERE id = #url.story#
		LIMIT 1
	</cfquery>

Replace with:

	<cfquery name="ThisStory" datasource="#DSN#">
		SELECT *
		FROM cms_news
		WHERE id =<cfqueryparam value="#url.story#" cfsqltype="cf_sql_numeric">
		LIMIT 1
	</cfquery>

I know it's a really simple fix, but they shouldn't be able to run a command anyway, but better to be safe huh ? - thank me if you want to xD.​

 

[Kryptos]

I'm no cold fusion expert, but if that was PHP then it would be exploitable from my knowledge,
Thanks for this!

 

[Sledmore]

Yeah, this should fix it, but apparently, you couldn't run a command on it anyhow, but better to be safe. ;P.

 

[iNeon]

Thanks For This Sledeh!

 

[Sledmore]

Your welcome buddy ^^.