Title | benner modernanet < 1.1.1 Blind Boolean-Based SQL Injection |
---|
Description | Title: Blind Boolean-Based SQL Injection in ModernaNet by Benner (< 1.1.1)
Vendor: Benner
Affected Product: ModernaNet
Affected Versions: < 1.1.1
Vulnerability Type: Blind Boolean-Based SQL Injection
CVSS Score: 7.5
Summary:
A Blind Boolean-Based SQL Injection vulnerability has been identified in the ModernaNet system by Benner, affecting versions prior to 1.1.1. The vulnerability exists in the additionalCondition parameter of the following endpoint:
/Home/JS_CarregaCombo?formName=DADOS_PESSOAIS_PLANO&additionalCondition=&insideParameters=&elementToReturn=DADOS_PESSOAIS_PLANO&ordenarPelaDescricao=true&direcaoOrdenacao=asc&_=1739290047295
An attacker can exploit this vulnerability to infer database information using Boolean-based SQL Injection techniques.
Exploitation:
The vulnerability can be exploited using the following payload:
1=1) AND (CASE WHEN (SUBSTRING(DB_NAME(),X,1)='Y') THEN 1 ELSE 0 END=1)--
If the query is correct, the response length is greater.
If not, the response length is smaller.
This allows an attacker to extract database information one character at a time; it is only necessary to change the argument X to the database name index and Y to the character.
Impact:
No authentication or privileges are required.
The attack can be performed remotely.
The attacker can infer database schema details, potentially leading to further exploitation.
CVSS recommendation: 7.5 (HIGH)
Credits:
This vulnerability was discovered by Yago Martins and Yasmim da Cunha. |
---|
Source | ⚠️ https://github.com/yago3008/CVES |
---|
User | y4g0 (UID 80480) |
---|
Submission | 02/12/2025 01:50 AM (3 months ago) |
---|
Moderation | 02/24/2025 06:22 PM (13 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 296690 [Benner ModernaNet up to 1.1.0 sql injection] |
---|
Points | 20 |
---|
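
A defender can look for this behaviour in web access logs. The following is an added detection example, not part of the original submission or of Benner's code: it flags requests to the endpoint whose additionalCondition value carries SQL syntax, and reports clients whose flagged requests alternate between response sizes, which is the true/false length difference described above. The log layout, client addresses, response sizes and the `min_probes` threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/home/js_carregacombo"   # endpoint named in the advisory, lower-cased
PARAM = "additionalCondition"        # injectable parameter named in the advisory
# SQL syntax that a combo-box filter value has no reason to carry.
SQL_TOKENS = re.compile(
    r"--|/\*|;|\b(?:CASE|WHEN|SELECT|UNION)\b|\b(?:SUBSTRING|DB_NAME)\s*\(", re.I)
# Assumed log layout (constructed): client "METHOD url" status response_bytes
LINE = re.compile(r'^(\S+) "(?:GET|POST) (\S+)" \d{3} (\d+)$')

def analyze(lines, min_probes=3):
    """Return (flagged_requests, clients_with_boolean_oracle_pattern)."""
    flagged, sizes = [], defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        client, url, size = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(url)
        if parts.path.lower() != ENDPOINT:
            continue
        # parse_qs percent-decodes, so encoded payloads are matched too.
        for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            if SQL_TOKENS.search(value):
                flagged.append((client, value, size))
                sizes[client].append(size)
    # Repeated injected requests whose response size flips between values
    # match the true/false length difference the advisory describes.
    oracle = sorted(c for c, s in sizes.items()
                    if len(s) >= min_probes and len(set(s)) > 1)
    return flagged, oracle

# Constructed sample log: one benign request, three probes, one isolated hit.
_URL = "/Home/JS_CarregaCombo?formName=DADOS_PESSOAIS_PLANO&additionalCondition="
_PROBE = ("1%3D1%29%20AND%20%28CASE%20WHEN%20%28SUBSTRING%28DB_NAME%28%29"
          "%2C1%2C1%29%3D%27{}%27%29%20THEN%201%20ELSE%200%20END%3D1%29--")
SAMPLE_LOG = [
    f'198.51.100.7 "GET {_URL}&elementToReturn=DADOS_PESSOAIS_PLANO" 200 5120',
    f'203.0.113.9 "GET {_URL}{_PROBE.format("a")}" 200 312',
    f'203.0.113.9 "GET {_URL}{_PROBE.format("b")}" 200 312',
    f'203.0.113.9 "GET {_URL}{_PROBE.format("c")}" 200 5120',
    f'192.0.2.44 "GET {_URL}1%3D1--" 200 5120',
]

if __name__ == "__main__":
    hits, oracle_clients = analyze(SAMPLE_LOG)
    print(len(hits), "flagged requests; oracle pattern from:", oracle_clients)
```

A single flagged request is worth alerting on by itself; the per-client size comparison only separates sustained extraction attempts from one-off probes.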