Discovering a Sigma SQLi Vulnerability in Explore CMS 1.0
Hello everyone, my name is SoltnAli. Today, I want to share an exciting discovery I made while working on Explore CMS 1.0. As someone who actively researches various CVEs and shares my findings on LinkedIn through my weekly series “GO-TO CVE,” I was thrilled to uncover this vulnerability.
The Discovery Process
While examining Explore CMS 1.0, a content management system, I aimed to identify any potential security vulnerabilities. My inspiration for this research was a well-known vulnerability, CVE-2022–27412, which was an SQL Injection (SQLi) issue in this CMS. By studying this vulnerability, I understood how the original discoverer thought and identified this flaw.
Thinking Like a Developer
I decided to follow the same pattern and approach the problem from a developer’s perspective. By analyzing the method used by the original discoverer, I suspected that this pattern might be repeated elsewhere in the system. Therefore, I began examining and testing various parameters of the CMS.
Utilizing the Wayback Machine
To aid my search, I used the Wayback Machine to analyze archived versions of the target website. By querying the Wayback Machine’s CDX server API with the following URL:
https://web.archive.org/cdx/search/cdx?url=http://site.com/*&output=text&fl=original&collapse=urlkey
I uncovered various parameters that the website had used over time. This information provided me with additional targets to test for vulnerabilities.
Testing the Parameters
Using a virtual machine to simulate different environments and behaviors, I began testing the parameters identified through the Wayback Machine. By crafting various SQL injection payloads and injecting them into these parameters, I discovered that one of these parameters was indeed vulnerable to SQL injection after several attempts. This allowed me to manipulate database queries and potentially access sensitive information.
The Impact
This discovery highlights the importance of thorough testing across all input fields in a web application, not just the ones initially reported as vulnerable. By leveraging historical data from the Wayback Machine, I was able to identify a critical security flaw that could have been overlooked.
Conclusion
Finding this vulnerability was an exciting moment in my ongoing security research journey. It underscores the necessity of persistence and creativity when testing for security flaws.
If you’re interested in more of my findings and insights, feel free to follow me on social media. Your support encourages me to continue sharing valuable security research with the community.
Thank you for reading, and stay safe online!
Follow Me:
Stay tuned for more updates and insights from the world of cybersecurity!
#CVE #sqli #bug #hackerone