ASP.NET jVideo Kit SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in ASP.NET jVideo Kit version 1.0. This vulnerability allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. The injection can be performed via GET or POST requests to the /search endpoint. Exploitation of this vulnerability could lead to the extraction of sensitive database information using boolean-based blind or error-based SQL injection techniques.
Impact
Successful SQL injection lets attackers manipulate database queries to extract, modify, or delete database information. According to the VulnCheck advisory, this vulnerability could be exploited using boolean-based blind or error-based SQL injection techniques.
Reproduction
To reproduce this vulnerability, send a GET or POST request to the /search endpoint with a crafted SQL payload in the 'query' parameter. The injection can be verified with boolean-based blind or error-based SQL injection payloads.
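For defenders, the request shape described above can be hunted for in web server logs. The following is an added example, not part of the original advisory or the product's code: it assumes a combined-format access log, uses constructed sample lines, and its SQL marker patterns are illustrative heuristics to tune for your own traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (assumed combined log format, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2025:10:00:01 +0000] "GET /search?query=cooking+videos HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2025:10:00:07 +0000] "GET /search?query=x%27+AND+1%3D1--+ HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2025:10:00:08 +0000] "GET /search?query=x%27+AND+1%3D2--+ HTTP/1.1" 200 812
203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /search?query=x%27+AND+1%3DCONVERT(int,%27a%27)-- HTTP/1.1" 500 3021
198.51.100.2 - - [01/Jan/2025:10:00:12 +0000] "GET /video?id=7 HTTP/1.1" 200 900
198.51.100.2 - - [01/Jan/2025:10:00:15 +0000] "POST /search HTTP/1.1" 200 4000
"""

REQUEST = re.compile(r'^(\S+) .*?"(GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# Heuristic markers of SQL syntax inside a search term (assumption, expect some noise).
SQL_MARKERS = re.compile(
    r"'\s*(?:and|or|union|having|;|--)|/\*|\bunion\s+select\b|\b(?:convert|cast)\s*\(",
    re.IGNORECASE,
)

def triage(log_text):
    """Return (suspicious, blind_spots) for requests to the /search endpoint."""
    suspicious, blind_spots = [], []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/").lower() != "/search":
            continue
        # ASP.NET treats parameter names case-insensitively, so normalise the keys.
        params = {k.lower(): v for k, v in parse_qs(url.query, keep_blank_values=True).items()}
        values = params.get("query", [])
        if method == "POST" and not values:
            # POST bodies are not in the access log: the parameter cannot be inspected here.
            blind_spots.append((ip, int(status)))
        for value in values:
            if SQL_MARKERS.search(value):
                suspicious.append((ip, int(status), value))
    return suspicious, blind_spots

if __name__ == "__main__":
    hits, unseen = triage(SAMPLE_LOG)
    for ip, status, value in hits:
        print(f"SUSPICIOUS {ip} status={status} query={value!r}")
    for ip, status in unseen:
        print(f"UNINSPECTED POST /search from {ip} status={status} (needs WAF or application logging)")
```

In the sample, one source sends paired conditions that return different response sizes, then triggers a 500: the pattern expected from boolean-based blind and error-based probing. POST requests to /search show up only as uninspected entries, so covering them requires request-body logging at the application or WAF layer.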
