CVE-2024-36840
Published 2024-06-12
Priority: P3 (57) · Severity: critical · CVSS 3.1 base score: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploit: public PoC available (see references)
EPSS: 2.24% (80.6th percentile)
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php.
Detection & IOCs (extracted from sources)
- Command (PoC UNION-based payload sent in the id parameter):
  id=-5819 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7170766b71,0x646655514b72686177544968656d6e414e4678595a666f77447a57515750476751524f5941496b55,0x7162626a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
- Bytes: 0x7170766b71 (ASCII "qpvkq") and 0x7162626a71 (ASCII "qbbjq"), the delimiter strings sqlmap wraps around extracted data; sqlmap picks new random delimiters on each run, so these two values only identify replays of this exact PoC.
- Use the Google dork from the advisory to locate exposed Boelter Blue installations (asset discovery, not a detection of exploitation attempts).
- Monitor GET requests to news_details.php and location_details.php (id parameter) and to services.php (section parameter) for SQL injection payloads: UNION SELECT, SLEEP() and boolean AND n=n conditions.
- Flag requests whose id or section parameter contains SLEEP() time-based blind injection patterns.
- Look for the sqlmap tamper script space2comment against services.php, recognisable by /**/ comment sequences replacing whitespace in the section parameter.
- Exploitation was tested only against MySQL >= 5.0.12; SLEEP()-based time-blind payloads are MySQL-specific and will not match if the backend is a different DBMS.
- The vulnerability is confirmed only in Boelter Blue System Management version 1.3; other versions have not been assessed.
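The monitoring rules above, run over access-log lines, as an added example (not code from the advisory or from the vendor). It decodes each watched parameter (twice, to undo double URL-encoding), collapses /**/ comments so the space2comment tamper does not evade the patterns, and reports which indicator matched. The log lines are constructed for the example; the endpoint and parameter names come from the CVE description, and the two hex markers from the PoC on this page.

```python
"""Scan combined-format access-log lines for SQL injection attempts against the
Boelter Blue endpoints named in CVE-2024-36840 (added example, not vendor code)."""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Endpoints and parameters from the CVE description.
WATCHED = {
    "news_details.php": {"id"},
    "location_details.php": {"id"},
    "services.php": {"section"},
}

# Matched against the normalised (decoded, comment-stripped, upper-cased) value.
PATTERNS = {
    "union_select": re.compile(r"\bUNION\b(?:\s+ALL)?\s+SELECT\b"),
    "time_based_sleep": re.compile(r"\bSLEEP\s*\(\s*\d+"),
    "boolean_and": re.compile(r"\bAND\s+\d+\s*=\s*\d+"),
    # Delimiters from the PoC payload on this page; sqlmap randomises them per
    # run, so this indicator only catches replays of that exact PoC.
    "poc_sqlmap_markers": re.compile(r"0X7170766B71|0X7162626A71"),
}

# client ip, ident, user, [timestamp], "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def normalize(value: str) -> str:
    """Undo the evasions an attacker (or a sqlmap tamper script) would apply."""
    for _ in range(2):                        # double URL-encoding
        value = unquote_plus(value)
    value = re.sub(r"/\*.*?\*/", " ", value)  # space2comment: /**/ replaces whitespace
    value = re.sub(r"\s+", " ", value)
    return value.upper()


def classify(raw_value: str) -> list[str]:
    """Return the sorted list of indicator names that fire on one parameter value."""
    hits = [name for name, rx in PATTERNS.items() if rx.search(normalize(raw_value))]
    if "/**/" in unquote_plus(raw_value):
        hits.append("space2comment_tamper")
    return sorted(hits)


def find_injection_attempts(log_lines):
    """Yield (src_ip, script, parameter, [indicators]) for each suspicious request."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        script = parts.path.rsplit("/", 1)[-1]
        if script not in WATCHED:              # scoped to the advisory's endpoints
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name in WATCHED[script]:
                hits = classify(value)
                if hits:
                    findings.append((m.group("ip"), script, name, hits))
    return findings


# Constructed sample log (not real traffic): one benign request, the PoC UNION
# payload, a SLEEP() probe, a space2comment-obfuscated boolean test, an attack on
# an endpoint outside the advisory's scope, and a double-encoded UNION.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jun/2024:10:00:01 +0000] "GET /news_details.php?id=5 HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [12/Jun/2024:10:00:02 +0000] "GET /news_details.php?id=-5819%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7170766b71,0x41,0x7162626a71),NULL--%20- HTTP/1.1" 200 4312 "-" "sqlmap/1.8"',
    '192.0.2.12 - - [12/Jun/2024:10:00:03 +0000] "GET /location_details.php?id=5%20AND%20SLEEP(5) HTTP/1.1" 200 21 "-" "curl/8.0"',
    '192.0.2.13 - - [12/Jun/2024:10:00:04 +0000] "GET /services.php?section=1/**/AND/**/1234=1234 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.14 - - [12/Jun/2024:10:00:05 +0000] "GET /about.php?id=1%20UNION%20SELECT%201 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [12/Jun/2024:10:00:06 +0000] "GET /news_details.php?id=1%2520UNION%2520SELECT%25201 HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, script, param, hits in find_injection_attempts(SAMPLE_LOG):
        print(f"{ip} -> {script}?{param}: {', '.join(hits)}")
```

The request to about.php is deliberately not reported: the rule is scoped to the three endpoints the advisory names, which keeps false positives down on a shared host. Drop the WATCHED check if you would rather see every SQLi-shaped parameter on the server.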
No detection rules found.
No writeups or analysis indexed.
References
- http://seclists.org/fulldisclosure/2024/Jun/0
- https://infosec-db.github.io/CyberDepot/vuln_boelter_blue/
- https://packetstormsecurity.com/files/178978/Boelter-Blue-System-Management-1.3-SQL-Injection.html
- https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US
- https://sploitus.com/exploit?id=PACKETSTORM:178978
- https://vuldb.com/?id.267594