Vendor: OOP CMS BLOG
By: Mr Winst0n
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: OOP CMS BLOG
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:zsoft:oop_cms_blog
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux, Windows 8.1
2019
OOP CMS BLOG 1.0 – SQL Injection
Multiple files in OOP CMS BLOG 1.0 are vulnerable to SQL Injection. These files include search.php, post.php, posts.php, page.php, viewUser.php, and replayMsg.php. In each of them, the injection is triggered when an attacker supplies a malicious value for the *id parameter.
Mitigation:
Input validation should be used to prevent SQL Injection attacks. Additionally, parameterized queries should be used to prevent malicious user input from being interpreted as part of the query.
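
The two mitigations above applied to an id lookup, as an added example that is not OOP CMS BLOG's own code. The `posts` table and the `parseId()` and `fetchPostById()` helpers are hypothetical, and the sample request values are constructed; it assumes PHP with the PDO SQLite driver so it runs against an in-memory database.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the blog's tables (hypothetical schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // use real prepared statements
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO posts (id, title) VALUES (1, 'First post'), (2, 'Second post')");

/**
 * Input validation: accept only a string that is a positive integer.
 * Arrays (from id[]=...), empty values and mixed text all return null.
 */
function parseId($raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Parameterized query: the id is bound as an integer value and is never
 * concatenated into the SQL text, so it cannot change the query structure.
 */
function fetchPostById(PDO $pdo, $rawId): ?array
{
    $id = parseId($rawId);
    if ($id === null) {
        return null; // reject before touching the database
    }
    $stmt = $pdo->prepare('SELECT id, title FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values, as they could arrive in $_GET['id'].
foreach (['2', '0', '2abc', ['2']] as $raw) {
    $row = fetchPostById($pdo, $raw);
    printf("%-8s => %s\n", json_encode($raw), $row ? $row['title'] : 'rejected or not found');
}
```

The same pattern applies to every file listed above that reads an id from the request: validate the type first, then bind the value instead of building the query string from it.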