Cudoma suffers from a remote SQL injection vulnerability.
# Exploit Title: CUDOMA SQL injection Vulnerability
# Date: 2011-10-08
# Author: ANDREA BOCCHETTI
# Software Link: https://www.cudoma.com/
# Price: 1.500.00
Summary: CuDoMa is a Document Management System (DMS)
used to organize, catalog, distribute and manage data and documents.
The optimal solution for document management companies
and professional firms that produce large quantities of documents.
Input passed via the idtopic parameter is
not properly sanitised. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
Time Table
10/10/2011 - Vendor notified
10/10/2011 - Vendor response.
11/10/2011 - Vendor provides status update.
11/10/2011 - Vendor provides status update.
11/10/2011 - Public disclosure.
======================================================================
1) Exploit:
# http://[localhost]/news?idtopic=[SQL]
2) Credits
Discovered by Andrea Bocchetti
3) BUG FIX
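The advisory does not show the vendor's fix. As an added example (not CuDoMa's own code; its language and schema are not given here), a constructed news lookup in Python with sqlite3 shows the bug class reported for the idtopic parameter beside its hardened form: an integer allow-list plus a bound query parameter. The table, its rows and the tautology input are constructed for the illustration.

```python
import re
import sqlite3

# Constructed stand-in for a news table keyed by topic; not CuDoMa's real schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER, idtopic INTEGER, title TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?, ?)", [
        (1, 1, "Public release notes"),
        (2, 2, "Internal memo"),
        (3, 2, "Board minutes"),
    ])
    return conn

def news_vulnerable(conn, idtopic):
    # The bug class the advisory reports: the request parameter is pasted
    # straight into the SQL text, so whatever it contains becomes part of the query.
    sql = "SELECT id, title FROM news WHERE idtopic = " + idtopic
    return conn.execute(sql).fetchall()

def news_fixed(conn, idtopic):
    # Hardened form: allow-list the value as a plain integer, then bind it as
    # a query parameter so the database never parses user input as SQL.
    if re.fullmatch(r"[0-9]{1,10}", idtopic) is None:
        raise ValueError("idtopic must be a positive integer")
    sql = "SELECT id, title FROM news WHERE idtopic = ?"
    return conn.execute(sql, (int(idtopic),)).fetchall()

def fixed_rejects(conn, idtopic):
    # Helper for checking that the hardened handler refuses a bad value.
    try:
        news_fixed(conn, idtopic)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    # Constructed tautology input: a valid id followed by text that widens
    # the WHERE clause. The vulnerable handler returns every row in the table.
    print(news_vulnerable(db, "1 OR 1=1"))   # all three rows
    print(news_fixed(db, "1"))               # only topic 1
    print(fixed_rejects(db, "1 OR 1=1"))     # True
```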