Critical Blind SQL Injection Vulnerability in Pragyan CMS

Information

Advisory by Netsparker (now Invicti)
Name: Critical Blind SQL Injection vulnerability in Pragyan CMS
Software: Pragyan CMS v3.0 and possibly below.
Vendor Homepage: https://github.com/delta/pragyan
Vulnerability Type: SQL Injection
Severity: Critical
Researcher: Omar Kurt
Advisory Reference: NS-14-001

Description

A simple and fast multiuser content management system to organize collaborative web-content. This CMS allows very fine user&group permissions, generating pages like articles, forms, quizzes, forums, etc, search powered by sphider.

Details

Pragyan CMS is affected by Blind SQL Injection vulnerabilities in version 3.0.
Example PoC urls are as follows:

  • Blind SQL Injection
    http://example.com/?page='+(SELECT 1 FROM (SELECT SLEEP(25))A)+'

You can read the full article about Cross-Site Scripting and SQL Injection vulnerabilities from here: 

Solution

Vulnerability patched by Pragyan CMS developers. This vulnerability firstly reported by https://github.com/nean months ago.

Advisory Timeline

13/12/2013 – First Contact – Request Security contact
24/12/2013 – Second Contact – Sent Details
27/12/2013 – Vulnerability Fixed
29/01/2014 – Advisory Released

Credits

It has been discovered on testing of Invicti Web Application Security Scanner.

About Invicti

Invicti® can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on. Invicti’s unique detection and exploitation techniques allows it to be dead accurate in reporting hence it’s the first and the only False Positive Free web application security scanner.