CVE-2024-7188
Published 2024-07-29
Priority: P271, critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.02% (93.4th percentile)
A vulnerability was found in Bylancer Quicklancer 2.4. It has been rated as critical. This issue affects some unknown processing of the file /listing of the component GET Parameter Handler. The manipulation of the argument range2 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272609 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bylancer | quicklancer | — | — |
Detection & IOCs
URL: `/listing?cat=6&filter=1&job-type=1&keywords=Mr.&location=1&order=desc&placeid=US&placetype=country&range1=1&range2=1)%20AND%20(SELECT%201864%20FROM%20(SELECT(SLEEP(6)))gOGh)%20AND%20(6900=6900&salary-type=1&sort=id&subcat`
- Detect time-based blind SQLi exploitation attempts against the `range2` GET parameter on the `/listing` endpoint by looking for SLEEP() payloads in the query string.
- Alert on HTTP responses to `/listing` with status 200, content-type text/html, and body containing `og:site_name`, `og:locale`, and `range2` simultaneously; this is the Nuclei matcher fingerprint for successful exploitation.
- Use the favicon hash 1099370896 in Shodan or FOFA to identify exposed Quicklancer instances for proactive scanning.
- The vulnerability is exploitable by unauthenticated remote attackers: no session or credentials are required. Monitor for anomalous SQL-pattern strings in the `range2` parameter from unauthenticated sessions.
- Response duration >= 6 seconds to `/listing` requests is a reliable indicator of successful time-based blind SQL injection via the `range2` parameter (SLEEP(6) payload).
- The vulnerability affects specifically Quicklancer version 2.4; other versions are not confirmed vulnerable.
- Both time-based blind and boolean-based blind SQL injection techniques are applicable; detection rules should cover both variants, not just SLEEP-based payloads.
- The Nuclei template uses a 30-second timeout for the request; WAF or proxy timeout configurations shorter than this may interfere with time-based detection.
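An added example (not part of the original page or the Nuclei template): a Python check that applies the indicators above to web access logs. The log layout, the sample lines, and the assumption that legitimate `range2` values are empty or plain numbers are constructed for illustration; adapt the regex to your own log format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed (constructed) layout: client "METHOD target HTTP/x" status request_time_s
LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<rt>\d+(?:\.\d+)?)$')
NUMERIC = re.compile(r"^\d+(?:\.\d+)?$")      # assumption: range2 is a number
SLEEP_CALL = re.compile(r"\bsleep\s*\(", re.I)  # time-based blind variant
SQL_TOKEN = re.compile(r"\b(?:select|union|and|or)\b|[()'=]", re.I)  # boolean etc.
SLOW_SECONDS = 6.0                            # SLEEP(6) threshold from the page

def inspect(line):
    """Return the list of indicator names raised by one access-log line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    url = urlsplit(m["target"])
    if url.path.rstrip("/") != "/listing":
        return []
    reasons = []
    # parse_qs percent-decodes values, so encoded payloads are seen in clear.
    for value in parse_qs(url.query, keep_blank_values=True).get("range2", []):
        if value == "" or NUMERIC.match(value):
            continue
        if SLEEP_CALL.search(value):
            reasons.append("sleep-call")
        elif SQL_TOKEN.search(value):
            reasons.append("sql-token")
        else:
            reasons.append("non-numeric")
    if float(m["rt"]) >= SLOW_SECONDS:
        reasons.append("slow-response")
    return reasons

def scan(lines):
    """Return (client, reasons) for every line that raised an indicator."""
    hits = []
    for line in lines:
        reasons = inspect(line)
        if reasons:
            hits.append((line.split(" ", 1)[0], reasons))
    return hits

# Constructed sample log; the second target reuses the payload quoted on the page.
SAMPLE_LOG = [
    '203.0.113.7 "GET /listing?cat=6&range1=1&range2=500 HTTP/1.1" 200 0.142',
    '203.0.113.9 "GET /listing?range1=1&range2=1)%20AND%20(SELECT%201864%20FROM%20(SELECT(SLEEP(6)))gOGh)%20AND%20(6900=6900&sort=id HTTP/1.1" 200 6.211',
    '203.0.113.9 "GET /listing?range1=1&range2=1)%20AND%203=3%20AND%20(1=1 HTTP/1.1" 200 0.187',
    '198.51.100.4 "GET /about?range2=x HTTP/1.1" 200 0.050',
]

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG):
        print(client, ",".join(reasons))
```

Validating `range2` against an allowlist catches the boolean-based variant that a SLEEP-only signature would miss.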
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
No detection rules found.
Nuclei
Bylancer Quicklancer 2.4 G - SQL Injection
nuclei·CVSS 6.9
CVE-2024-7188 [MEDIUM] Bylancer Quicklancer 2.4 G - SQL Injection
A SQL injection vulnerability exists in the GET parameter 'range2' of Quicklancer 2.4. The parameter is open to both time-based blind and boolean-based blind SQL injection, which an unauthenticated remote attacker can exploit to execute arbitrary SQL queries in the database.
Template:
```yaml
id: CVE-2024-7188
info:
  name: Bylancer Quicklancer 2.4 G - SQL Injection
  author: s4e-io
  severity: high
  description: |
    A SQL injection vulnerability exists in the Quicklancer 2.4, GET parameter 'range2', that has time-based blind SQL injection and a boolean-based blind SQL injection, which can be exploited remotely by unauthenticated attacker to execute arbitrary SQL queries in the database.
  impact: |
    Unauthenticated attackers can exploit time-based and boolean-ba
```
- https://github.com/bigb0x/CVEs/blob/main/quicklancer-2-4.md
- https://vuldb.com/?ctiid.272609
- https://vuldb.com/?id.272609
- https://vuldb.com/?submit.378279
Published: 2024-07-29