How I found another SQLi on the Government website in just 5 minutes

SRLSEC 🇮🇳
Aug 21, 2021

Two months ago I started the journey of bug hunting on Kerala govt websites. In this journey, lots of vulnerabilities were identified, including Remote Code Execution, SQL Injection, Local File Inclusion, Sensitive Data Exposure, etc. I will share my experiences in upcoming write-ups. This simple write-up is about SQL injection. SQL injection is one of the most pervasive and most dangerous web application vulnerabilities.

Power of Nuclei tool

Nuclei is a very powerful tool that lets you perform automatic vulnerability scans based on templates predefined by the user. Nuclei sends requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols including TCP, DNS, HTTP, File, etc. With powerful and flexible templating, all kinds of security checks can be modelled with Nuclei.

Let’s start to scan the target with Nuclei.

echo "https://[redacted].in" | nuclei -c 200 -silent -t /home/srl/nuclei-templates/

From the above picture, you can see the target is vulnerable to CVE-2018-17254, so I decided to identify the available databases using SQLMap.

sqlmap -u "https://[redacted].in/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=" --dbs

After 2 minutes I got the available database names.

Impact

An attacker could use this vulnerability to control the content in the database, exfiltrate information, and potentially obtain remote code execution.
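
For site owners, probing of this endpoint can be spotted in web server access logs. The following is an added example, not part of the original write-up: the log lines are constructed, and the rule that a normal `parent` value is a plain identifier is an assumption.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint named in the write-up (JCK Editor jtreelink dialog, CVE-2018-17254).
ENDPOINT = "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"
# Combined log format: client IP, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumed heuristic: a legitimate `parent` value is a plain identifier, so quotes,
# whitespace, comment markers or SQL keywords in it are treated as suspicious.
SQL_META = re.compile(r"""['"`;()\s]|--|/\*|\b(union|select|sleep|benchmark)\b""", re.I)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Aug/2021:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [21/Aug/2021:10:00:02 +0000] "GET ' + ENDPOINT
    + '?extension=menu&view=menu&parent=mainmenu HTTP/1.1" 200 830 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Aug/2021:10:05:00 +0000] "GET ' + ENDPOINT
    + '?extension=menu&view=menu&parent=x%27%20OR%20%271%27=%271 HTTP/1.1" 200 912 "-" "sqlmap/1.5 (constructed)"',
]


def classify(line):
    """Return (ip, reasons) for a request to the endpoint, or None otherwise."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # endswith() also covers Joomla installed in a subdirectory.
    if not url.path.lower().endswith(ENDPOINT):
        return None
    reasons = []
    # parse_qs percent-decodes the values, so encoded payloads are checked decoded.
    values = parse_qs(url.query, keep_blank_values=True).get("parent", [])
    if any(SQL_META.search(v) for v in values):
        reasons.append("sql-metacharacters-in-parent")
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap-user-agent")
    # A clean request is still reported, as a low-signal hit for review.
    return (m["ip"], reasons or ["endpoint-access"])


def scan(lines):
    """Return every request to the endpoint as a list of (ip, reasons)."""
    return [hit for hit in map(classify, lines) if hit]
```

The User-Agent check only catches unmodified tooling, so the `parent` check is the stronger of the two signals.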

HOPE YOU LIKE IT : )
