cbcvebase.
CVE-2018-8057
published 2018-03-11

CVE-2018-8057: A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel…

PriorityP268critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
22.98%
97.5th percentile
A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php.

Affected

1 ranges
VendorProductVersion rangeFixed in
westernbridgegrouprazor

Detection & IOCsextracted from sources · hover to see the quote

url/index.php?/manage/channel/addchannel
path/application/controllers/manage/channel.php
commandchannel_name=test" AND (SELECT 1700 FROM(SELECT COUNT(*),CONCAT(0x7171706b71,(SELECT (ELT(1700=1700,1))),0x71786a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- JQon&platform=1
commandchannel_name=test" AND SLEEP(5)-- NklJ&platform=1
  • Monitor POST requests to /index.php?/manage/channel/addchannel for SQL injection payloads in the 'channel_name' or 'platform' parameters, specifically error-based patterns using CONCAT/FLOOR/RAND or time-based blind patterns using SLEEP().
  • Look for the hex-encoded marker strings 0x7171706b71 and 0x71786a7671 in POST body data, which are used as delimiters in the error-based SQLi payload to extract data from INFORMATION_SCHEMA.PLUGINS.
  • Detect time-based blind SQL injection attempts via SLEEP(5) injected into the channel_name parameter on the addchannel endpoint; responses with anomalous latency (~5s) indicate exploitation.
  • The vulnerable code resides in /application/controllers/manage/channel.php lines 75-95; the channel_name and platform parameters are passed to SQL queries without sanitization or filtering.
  • ·The PoC targets a localhost instance; in real deployments the base URL will differ. Detection rules should match on the URI path /index.php?/manage/channel/addchannel regardless of host.
  • ·Exploitation requires access to the /manage/ endpoint; assess whether authentication is enforced before the addchannel controller is reached, as this affects the attack surface.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.