Skip to content

SQL injection vulnerability exists in CuppaCMS /administrator/alerts/alertLightbox.php #31

Open
@JiuBanSec

Description

  • VULNERABLE: SQL injection vulnerability exists in CuppaCMS. An attacker can inject query in
    “/administrator/alerts/alertLightbox.php" via the "params%5Bgroup%5D=2" parameters.
  • Github: https://github.com/JiuBanSec
  • Product: CuppaCMS
  • Impact: Allow attacker inject query and access , disclosure of all data on the system.
  • Payload: params%5Bgroup%5D=2'+UNION+ALL+SELECT+concat('\n','database:',database(),'\n','user:',user(),'\n'),null--+-
  • Proof of concept (POC):
    image
  • You can see injection code query into params%5Bgroup%5D parameters as show below
  • You see database and user as show below in the response
    image

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions