By kannthu
The "Dotnet CMS - SQL Injection" module is designed to detect a SQL injection vulnerability in the Dotnet CMS software. Dotnet CMS is a content management system built on the .NET framework. This module specifically targets the SQL injection vulnerability, which is a critical security issue. It allows attackers to manipulate the SQL queries executed by the application, potentially gaining unauthorized access to sensitive information, modifying data, or even executing arbitrary code.
This module is authored by an unknown individual or group.
A successful SQL injection attack on the Dotnet CMS can have severe consequences. It can lead to unauthorized access to sensitive data, such as user credentials, personal information, or financial records. Attackers can also modify or delete data, disrupt the normal functioning of the application, or even gain control over the underlying server.
The "Dotnet CMS - SQL Injection" module works by sending a specific HTTP request to the target application. The request is designed to exploit the SQL injection vulnerability in the City_ajax.aspx page, which accepts a parameter called "CityId". The module injects a malicious payload into the parameter value, attempting to execute a SQL query that retrieves the MD5 hash of a randomly generated alphanumeric string.
The module then uses matching conditions to determine whether the SQL injection vulnerability is present. It checks the response body for the MD5 hash of the random string carried in the injected payload and verifies that the HTTP response status is 200 (OK).
Example HTTP request:
GET /user/City_ajax.aspx?CityId=33'union%20select%20sys.fn_sqlvarbasetostr(HashBytes('MD5','{%randTextAlphanumeric(10)%}')),2-- HTTP/1.1
Host: example.com
The matching conditions are:
- The response body must contain the MD5 hash of the random string carried in the injected payload.
- The HTTP response status must be 200 (OK).
If both conditions are met, the module reports the presence of the SQL injection vulnerability.
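On the defending side, the request described above leaves a recognizable trace in web server access logs. The following is an added example, not part of the module or of Vidoc's code: it scans access-log lines for City_ajax.aspx requests whose CityId is not a plain integer. The log layout, the sample lines and the assumption that a legitimate CityId is always numeric are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic); the log layout is an assumption.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "GET /user/City_ajax.aspx?CityId=33 HTTP/1.1" 200 512
203.0.113.9 - - [12/Mar/2024:10:01:25 +0000] "GET /user/City_ajax.aspx?CityId=33'union%20select%20sys.fn_sqlvarbasetostr(HashBytes('MD5','a1B2c3D4e5')),2-- HTTP/1.1" 200 498
203.0.113.9 - - [12/Mar/2024:10:01:30 +0000] "GET /USER/city_ajax.aspx?cityid=1%27%20UNION%20SELECT%201,2-- HTTP/1.1" 500 1201
198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /news/list.aspx?id=7 HTTP/1.1" 200 2048
"""

# Client address, request target and status from a combined-log style line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# SQL fragments seen in the request shown on this page, plus the quote and comment marker.
SQL_TOKENS = re.compile(r"union|select|hashbytes|fn_sqlvarbasetostr|--|'", re.I)


def find_probes(log_text):
    """Return (client, status, decoded CityId, matched tokens) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        # Paths and parameter names are compared case-insensitively, as ASP.NET treats them.
        if not url.path.lower().endswith("/city_ajax.aspx"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)  # also URL-decodes values
        params = {k.lower(): v for k, v in query.items()}
        for value in params.get("cityid", []):
            # Assumption: a legitimate CityId is a plain integer, so anything else is flagged.
            if re.fullmatch(r"[0-9]+", value):
                continue
            tokens = sorted({t.lower() for t in SQL_TOKENS.findall(value)})
            hits.append((client, int(status), value, tokens))
    return hits


if __name__ == "__main__":
    for client, status, value, tokens in find_probes(SAMPLE_LOG):
        print(f"{client} status={status} CityId={value!r} tokens={tokens}")
```

A flagged request that returned status 200 meets one of the module's two matching conditions and is the one to triage first; the response body, which access logs do not record, decides the other.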