CVE-2017-14703
published 2017-09-26

CVE-2017-14703: SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.

Priority: P2 · 62 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.06% (78.9th percentile)

Affected

1 range
Vendor | Product | Version range | Fixed in
cashbackcomparisonscript | cash_back_comparison | |

Detection & IOCs (extracted from sources)

url: search/EfE'+/*!01116UNIoN*/+/*!01116SeLecT*/+0x31,0x32,0x33,0x34,0x35,0x36,/*!01116concat*/(0x3c74657874617265613e,0x557365726e616d653a,username,0x20,0x506173733a,password,0x3c2f74657874617265613e),0x38/*!50000FrOm*/users--+-.html
path: /admin/login.php
path: /search/
  • Detect SQL injection attempts against the /search/ PATH_INFO endpoint using MySQL comment-obfuscated UNION SELECT payloads (e.g., /*!01116UNIoN*/, /*!01116SeLecT*/, /*!50000FrOm*/).
  • Flag requests to /search/*.html paths containing SQL comment sequences such as /*!01116 or /*!50000 in the PATH_INFO, which are characteristic of this exploit's obfuscation technique.
  • Monitor for hex-encoded strings 0x3c74657874617265613e (<textarea>) and 0x3c2f74657874617265613e (</textarea>) in HTTP requests to /search/, as the exploit uses these to exfiltrate credentials wrapped in textarea tags.
  • Alert on GET requests to /admin/login.php following anomalous /search/ PATH_INFO requests, as the exploit prints this path as the post-exploitation admin panel target.
  • The exploit targets the 'users' table and extracts 'username' and 'password' columns specifically; detection rules should account for these table/column names appearing in URL-encoded or hex-encoded form within PATH_INFO.
  • The SQL injection is delivered via PATH_INFO (not query string parameters), so WAF/IDS rules must inspect the URL path segment after /search/, not just GET/POST parameters.
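
The detection points above, combined into one log-scanning routine. This is an added example, not code from the advisory or from the affected product: the function names, the access-log layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

LOG = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3}')
VERSIONED_COMMENT = re.compile(r"/\*!\d{5}")  # e.g. /*!01116 or /*!50000
TEXTAREA_HEX = ("0x3c74657874617265613e", "0x3c2f74657874617265613e")
NAMES = ("users", "username", "password")

def search_path_info(target):
    """Decoded path after /search/ (query string excluded), or None."""
    path = unquote(unquote(target.split("?", 1)[0])).replace("+", " ")
    pos = path.lower().find("/search/")
    return None if pos < 0 else path[pos + len("/search/"):]

def findings(target):
    """Indicators from the list above that match this request target."""
    info = search_path_info(target)
    if info is None:
        return []
    low, hits = info.lower(), []
    if VERSIONED_COMMENT.search(info):
        hits.append("versioned-comment")
    if any(h in low for h in TEXTAREA_HEX):
        hits.append("textarea-hex")
    hex_names = any("0x" + n.encode().hex() in low for n in NAMES)
    plain_names = any(re.search(rf"\b{n}\b", low) for n in NAMES)
    # Plain names occur in benign searches, so they only support another hit
    if hex_names or (hits and plain_names):
        hits.append("credential-names")
    return hits

def analyze(lines):
    """Return (client, target, reason) alerts, correlating admin logins per client."""
    alerts, flagged = [], set()
    for m in filter(None, map(LOG.match, lines)):
        client, method, target = m.groups()
        hits = findings(target)
        if hits:
            flagged.add(client)
            alerts.append((client, target, ",".join(hits)))
        elif method == "GET" and target.split("?", 1)[0] == "/admin/login.php" and client in flagged:
            alerts.append((client, target, "admin-login-after-injection"))
    return alerts

# Constructed access-log lines (documentation IP ranges, not real traffic)
SAMPLE = [
    '198.51.100.7 - - [26/Sep/2017:10:00:00 +0000] "GET /search/password-manager.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [26/Sep/2017:10:00:05 +0000] "GET /search/x%27+/*!01116UNIoN*/+/*!01116SeLecT*/+0x3c74657874617265613e,username,password/*!50000FrOm*/users--+-.html HTTP/1.1" 200 900',
    '203.0.113.9 - - [26/Sep/2017:10:00:09 +0000] "GET /admin/login.php HTTP/1.1" 200 300',
]
```

Calling `analyze(SAMPLE)` flags the second and third lines only; the benign search containing the word "password" is not reported.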

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P