CVE-2018-8057
published 2018-03-11CVE-2018-8057: A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel…
PriorityP268critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
22.98%
97.5th percentile
A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| westernbridgegroup | razor | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandchannel_name=test" AND (SELECT 1700 FROM(SELECT COUNT(*),CONCAT(0x7171706b71,(SELECT (ELT(1700=1700,1))),0x71786a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- JQon&platform=1↗
- →Monitor POST requests to /index.php?/manage/channel/addchannel for SQL injection payloads in the 'channel_name' or 'platform' parameters, specifically error-based patterns using CONCAT/FLOOR/RAND or time-based blind patterns using SLEEP(). ↗
- →Look for the hex-encoded marker strings 0x7171706b71 and 0x71786a7671 in POST body data, which are used as delimiters in the error-based SQLi payload to extract data from INFORMATION_SCHEMA.PLUGINS. ↗
- →Detect time-based blind SQL injection attempts via SLEEP(5) injected into the channel_name parameter on the addchannel endpoint; responses with anomalous latency (~5s) indicate exploitation. ↗
- →The vulnerable code resides in /application/controllers/manage/channel.php lines 75-95; the channel_name and platform parameters are passed to SQL queries without sanitization or filtering. ↗
- ·The PoC targets a localhost instance; in real deployments the base URL will differ. Detection rules should match on the URI path /index.php?/manage/channel/addchannel regardless of host. ↗
- ·Exploitation requires access to the /manage/ endpoint; assess whether authentication is enforced before the addchannel controller is reached, as this affects the attack surface. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://github.com/Kyhvedn/CVE_Description/blob/master/Cobub_Razor_0.8.0_SQL_injection_description.mdhttps://github.com/cobub/razor/issues/162https://www.exploit-db.com/exploits/44454/https://github.com/Kyhvedn/CVE_Description/blob/master/Cobub_Razor_0.8.0_SQL_injection_description.mdhttps://github.com/cobub/razor/issues/162https://www.exploit-db.com/exploits/44454/
2018-03-11
Published