Share
## https://sploitus.com/exploit?id=PACKETSTORM:214738
Pragyan CMS 3.0 - Blind SQL Injection
    Advisory ID: RO-14-001
    Severity: Critical
    Vendor: Delta
    Product: Pragyan CMS
    Version: 3
    
    
    Overview #
    
    A critical Blind SQL Injection vulnerability exists in Pragyan CMS version 3.0 and earlier, affecting the main index endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database.
    
    
    Vulnerability Details #
    
    Affected Versions: 3.0 and earlier
    
    Location: Main index endpoint
    
    Affected Parameter: page
    
    Root Cause: The vulnerability exists due to insufficient input validation on the page parameter. User-supplied input is directly concatenated into an SQL query without proper sanitization or parameterized queries.
    
    
    Exploitation Requirements #
    
        No authentication required
        Direct access to the main index endpoint
    
    Impact #
    
    Remote attackers can exploit this vulnerability to:
    
        Extract sensitive data from the database
        Bypass authentication mechanisms
        Modify or delete database content
        Potentially gain administrative access to the CMS
    
    Proof of Concept #
    
    GET /?page='+(SELECT 1 FROM (SELECT SLEEP(25))A)+' HTTP/1.1
    Host: target.com
    
    Time-based Blind SQL Injection: If the server response is delayed by 25 seconds, the target is vulnerable.
    
    
    Solution #
    
    Upgrade to a patched version of Pragyan CMS. Apply the vendor patch that includes proper input sanitization for the affected parameter.
    
    
    References #
    
        Invicti Advisory NS-14-001
        GitHub Patch
    
    Timeline:
    
        [2014-01-01] - Discovered
    
    Credits: Omar Kurt