Vendor: Interact
By: {G} IR-Security -Team <--> l0rd [D3lt4_l0rD] & Turb0
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Interact
Affected Version From:
Affected Version To: Interact <= 2.4.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Interact 2.4.1 SQL Injection

Interact version 2.4.1 is vulnerable to SQL injection in search.php. The search_terms parameter is not properly sanitized and is used directly in a SQL query, allowing an attacker to execute arbitrary SQL commands.

Mitigation:

To mitigate this vulnerability, sanitize user input before using it in SQL queries, for example by using prepared statements or input validation.
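
The prepared-statement form of the search.php query, as an added example that is not Interact's own code or a vendor patch. Table and column names are taken from the query quoted in the Exploit-DB data on this page; the PDO connection, the function names and the prefix check are assumptions.

```php
<?php
// Added example, not Interact's code. PDO handle, function names and the
// prefix check are assumptions; the SELECT mirrors the query in the advisory.

// A table prefix cannot be bound as a parameter, so accept identifier
// characters only before interpolating it.
function safe_prefix(string $prefix): string
{
    if (!preg_match('/^[A-Za-z0-9_]*$/', $prefix)) {
        throw new InvalidArgumentException('unexpected characters in DB_PREFIX');
    }
    return $prefix;
}

// Same SELECT as search.php line 159, with the search terms as a placeholder.
function build_space_search_sql(string $prefix): string
{
    $p = safe_prefix($prefix);
    return "SELECT DISTINCT {$p}spaces.space_key, name
            FROM {$p}spaces, {$p}module_space_links
            WHERE {$p}spaces.module_key = {$p}module_space_links.module_key
              AND {$p}module_space_links.status_key = '1'
              AND {$p}spaces.type_key != '1'
              AND MATCH(name, short_name, code, description) AGAINST (:terms)
            ORDER BY {$p}spaces.name";
}

function search_spaces(PDO $pdo, string $prefix, string $rawTerms): array
{
    // strip_tags() only removes markup; the bound parameter is the SQL defence.
    $terms = strip_tags($rawTerms);
    $stmt = $pdo->prepare(build_space_search_sql($prefix));
    $stmt->execute([':terms' => $terms]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: strip_tags() removes the markup but leaves the apostrophe,
// so it cannot stand in for parameter binding.
$sample = "teacher's <b>guide</b>";
if (strip_tags($sample) !== "teacher's guide") {
    throw new RuntimeException('unexpected strip_tags() result');
}
```

With a MySQL connection, call `search_spaces($pdo, $CONFIG['DB_PREFIX'], $_GET['search_terms'])` in place of the interpolated query.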

Exploit-DB raw data:

# Title: Interact 2.4.1 SQL Injection

Affected Version : Interact <= 2.4.1

Vendor Site : http://sourceforge.net/projects/cce-interact/

Discovery :



Vulnerabilities :

SQL Injection:
in search.php file line 44:
$search_terms_raw = strip_tags($_GET['search_terms']); // in this line only the strip_tags function is used.
.
.
.
then in line 159
$sql = "SELECT DISTINCT {$CONFIG['DB_PREFIX']}spaces.space_key,name FROM
{$CONFIG['DB_PREFIX']}spaces, {$CONFIG['DB_PREFIX']}module_space_links WHERE
{$CONFIG['DB_PREFIX']}spaces.module_key={$CONFIG['DB_PREFIX']}module_space_links.module_key
AND {$CONFIG['DB_PREFIX']}module_space_links.status_key='1' AND
{$CONFIG['DB_PREFIX']}spaces.type_key!='1' AND
MATCH(name,short_name,code,description) AGAINST('$search_terms_raw') ORDER
BY {$CONFIG['DB_PREFIX']}spaces.name"; // in this line the search_terms_raw value is used in sql query directly.

poc:
http://localhost:8080/interact-2-4-1/search.php?submit.x=0&submit.y=0&search_terms=[SQLi]/*&rule=all&space_key=1


### {G} IR-Security -Team <--> l0rd [D3lt4_l0rD] & Turb0 ,,,,
ir.security.team@gmail.com S.V.T <--> :D