SQL Injection vulnerability (Content DB) on FlatCore v1.4.6 #28

shardulm94 opened this issue Apr 11, 2017 · 2 comments


None yet
2 participants
Copy link

commented Apr 11, 2017

Exploit Title: SQL Injection vulnerability (Content DB) on FlatCore v1.4.6
Date: 11-April-2017
Exploit Author: @shardulm94
Software Link:
Version: 1.4.6

SQL Injection allows an attacker to run malicious SQL statements on a database and thus read or modify the data in the database. With enough privileges assigned to the database user, it can allow the attacker to delete tables or drop databases.

The vulnerability is due to a non-parameterized SQL query at and a few following lines. We assume that FlatCore is installed at http://localhost/flatcore/. The exploit URL is http://localhost/flatcore/' OR page_status='ghost' LIMIT 0,1 --. This effectively results in the following query being executed: SELECT * FROM fc_pages WHERE page_id = '' OR page_status='ghost' LIMIT 0,1 --' which allows an unauthenticated user to view all ghost/invisible pages without having links to them. The exploit URL can also possibly be modified to leak the content database using UNION-based SQL injection attacks.


[Screenshot: Viewing ghost pages]

Impact: Read data from the content database
Mitigation: Use of Parameterized SQL Queries
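To make the report's two points concrete (the concatenated query that the quoted payload breaks out of, and the parameterized query recommended as mitigation), here is an added example that is not part of the issue or of FlatCore's code. It uses an in-memory SQLite table named after the `fc_pages` table in the report; the `page_title` column and the row contents are constructed assumptions.

```python
import sqlite3

# Constructed rows for a stand-in fc_pages table. Only page_id and
# page_status come from the report; page_title and the values are assumed.
PAGES = [
    ("home", "published", "Welcome"),
    ("about", "published", "About us"),
    ("draft-secret", "ghost", "Hidden page"),
]

# The path component of the exploit URL quoted in the report.
PAYLOAD = "' OR page_status='ghost' LIMIT 0,1 --"


def make_db():
    """Create the in-memory stand-in for the content database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE fc_pages (page_id TEXT, page_status TEXT, page_title TEXT)"
    )
    conn.executemany("INSERT INTO fc_pages VALUES (?, ?, ?)", PAGES)
    return conn


def lookup_vulnerable(conn, page_id):
    """Non-parameterized lookup: the request value is spliced into the SQL text,
    so the leading quote in PAYLOAD closes the literal and the remainder
    (OR ... LIMIT 0,1 --) is parsed as SQL, exactly as the report describes."""
    sql = "SELECT * FROM fc_pages WHERE page_id = '" + page_id + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, page_id):
    """Prepared statement: the value is bound to the placeholder and never
    parsed as SQL, so the whole payload is compared literally against page_id
    and matches nothing."""
    sql = "SELECT * FROM fc_pages WHERE page_id = ?"
    return conn.execute(sql, (page_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", lookup_vulnerable(db, PAYLOAD))
    print("parameterized:", lookup_parameterized(db, PAYLOAD))
```

Run as-is, the vulnerable lookup returns the ghost row for the payload while the parameterized lookup returns no rows; a regular page id still resolves through both.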

commented Apr 11, 2017

Thank you, I've changed all the functions to Prepared Statements: 08f0a13

commented Apr 11, 2017

Verified, no longer works.

@patkon patkon closed this May 9, 2017
