Webnink - sql injection Vulnerability

2023.11.08
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Document Title: =============== Webnink - sql injection Vulnerability Release Date: ============= 2023-11-07 nabegheh Laboratory ID (NL-ID): ==================================== 101 Product & Service Introduction: =============================== WebNink is a full-service advertising agency known for delivering highly strategic work in branding, video, print, digital, web, social media, advertising and media. webNink has sound technical expertise in application development and on major platforms in web development and designing. Delivery of products in the real and right time makes us glitter among the others. We are committed to exceed your expectations by monitoring, benchmarking and continuously improving products, services and thereby creating a relation beyond the limits of pure business. webNink has the extensive expertise, experience and resources to develop software applications that best suit our client needs, budget, schedule and existing infrastructure. We strive to focus on the customer and deliver solutions designed around their requirements rather than focusing on a specific technology and expecting the customer to adapt to the technology and platform of our choice. (Copy of the Homepage: https://webnink.com/about ) (Software: https://webnink.com/service ) Abstract Advisory Information: ============================== The security unit from the nabegheh Technology Center discovered a SQL Injection web vulnerability in dedicated Webnink portals. Affected Product(s): ==================== Vendor: https://webnink.com Product: Webnink portals (Web-Application) Vulnerability Disclosure Timeline: ================================== 2023-11-07: Researcher Notification & Coordination (Security Researcher From Nabegheh Tech) 2023-11-07: Public Disclosure (Nabegheh Tech Laboratory) Discovery Status: ================= Published Exploitation Technique: ======================= Remote Severity Level: =============== High Authentication Type: ==================== Open Authentication (Anonymous Privileges) User Interaction: ================= No User Interaction Disclosure Type: ================ Full Disclosure Technical Details & Description: ================================ SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details. The impact SQL injection can have on a business is far-reaching. A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly detrimental to a business. When calculating the potential cost of an SQLi, it’s important to consider the loss of customer trust should personal information such as phone numbers, addresses, and credit card details be stolen. While this vector can be used to attack any SQL database, websites are the most frequent targets. Proof of Concept (PoC): ======================= 1.1 [+] Add the quotation mark (') to the end of the link : * http://[SERVER/DOMAIN]/[folders]/[page].php?Id=4' [+] Dork(s): intext:"Powered by Webnink" inurl:".php?Id=" [+] PoC: Exploitation [+] http://[SERVER/DOMAIN]/[folders]/doctor-category.php?Id=[VULNERABILITY!] [+] http://[SERVER/DOMAIN]/[folders]/location.php?Id=[VULNERABILITY!] [+] and etc.. Solution - Fix & Patch: ======================= 1. Disallow sql-errors to be displayed in the frontend and backend. Disable to redisplay the broken or malicious query on client-side. 2. Use prepared statement to protect the sql query of the post method request 3. Restrict the post parameters by disallow the usage of special chars with single or double quotes 4. Setup a filter or validation class to deny broken or manipulated sql queries Credits & Authors: ================== nabeghehtech - Nabegheh.Tech website: https://nabegheh.tech ; Twitter/X: x.com/nabeghehtech ; Telegram: t.me/nabeghehtech Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. nabegheh tech disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. nabegheh tech or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if nabegheh tech or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. website: https://nabegheh.tech Twitter: @nabeghehtech Telegram: @nabeghehtech E-mail: nabeghehtech@gmail.com Any modified copy or reproduction, including partially usages, of this file requires authorization from nabegheh tech. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by nabegheh tech Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of nabegheh tech team & the specific authors or managers. To record, list, modify, use or edit our material contact (nabeghehtech@gmail.com) to get a ask permission. Copyright © 2023 | Nabegheh Tech™

Referencje:

https://nabegheh.tech
https://x.com/nabeghehtech
https://t.com/nabeghehtech


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top