# Exploit Title: Jaow <= 2.4.5 Blind Sql Injection
# Google Dork: intext:"propulsé par jaow 2.4.5"
# Date: 2012
# Software Link: http://www.jaow.net/
# Version: 2.4.5
# Tested on: Debian GNU/Linux
= Introduction =
Jaow is a CMS that can manage sites of small sizes, thanks to its simple, commented code you can easily create templates and / or create modules to suit your needs. Jaow is the solution for small sites, blogs or portfolio.
= Details =
Unfortunately, a Blind SQL injection is possible in the 2.4.5 core.
Vulnerable page : add_ons.php
Extract from the source :
-------------[ add_ons.php ]--------------
// On stocke dans une variable simple le add_on demandé
$add_on = stripslashes($_GET['add_ons']);
// On recherche si l'add_on est installé
echo 'SELECT id,nom FROM '.$db_prefix.'add_ons WHERE nom="'.$add_on.'" AND actif="1"';
$query_add_ons = mysql_query('SELECT id,nom FROM '.$db_prefix.'add_ons WHERE nom="'.$add_on.'" AND actif="1"');
-------------[ add_ons.php ]--------------
So, we can inject sql with the add_ons variable, like that :
http://[site]/[path]/add_ons.php?add_ons=[SQL injection]
= Solutions =
Update is avalaible here : http://www.jaow.net/Article-97
Groucho