Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
It was identified that the blog module in Kentico CMS 5.5 R2 (build 5.5.3996) is vulnerable to SQL injection attacks via “tagname” parameter, since user-controllable data is incorporated into database SQL queries in an unsafe manner.
This vulnerability can be leveraged by a potential attacker in order to interact with the back-end database and access/modify/delete stored data, interfere with application logic, escalate his privileges within the database and/or potentially take control of the database server.
The vulnerability was exploited using the sqlmap tool:
* Sample url:
* Vulnerable parameter: tagname
* Type: time-based blind sql injection
* Sample payload: tagname=test'+(SELECT CHAR(118)+CHAR(103)+CHAR(85)+CHAR(89) WHERE 1718=1718 AND 6176=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7))+'&groupid=1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment