Newsbull Haber Script SQL Injection Vulnerability
Vulnerability
A series of SQL injection vulnerabilities has been identified in Newsbull Haber Script version 1.0.0. They reside in the search parameter of several admin record endpoints, including comments, categories, news, and menu children. Authenticated attackers can exploit them using time-based, blind, and boolean-based injection techniques to manipulate database queries and extract sensitive information from the database.
Impact
Exploitation of these vulnerabilities allows for unauthorized database access, enabling attackers to retrieve sensitive information from the database.
Reproduction
To reproduce this vulnerability, an authenticated user must send a request to one of the vulnerable endpoints with a crafted SQL injection payload in the search parameter. The injection can be performed using time-based, blind, or boolean-based techniques, depending on the chosen payload.
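The root cause of this class of flaw is a search term that becomes part of the SQL text. The following is an added example, not code from Newsbull Haber Script or from the original advisory. It uses Python's sqlite3 as a stand-in for the application's database layer, with a hypothetical comments table, hypothetical function names and constructed inputs, to show the concatenated query beside the parameterized fix.

```python
import sqlite3

# Constructed sample data; the table and column names are hypothetical.
ROWS = [(1, "great article"), (2, "100% agree"), (3, "draft: internal note")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    db.executemany("INSERT INTO comments VALUES (?, ?)", ROWS)
    return db

def search_concat(db, term):
    # Flawed pattern: the search term becomes part of the SQL text,
    # so quote characters in it change the structure of the query.
    sql = "SELECT id FROM comments WHERE body LIKE '%" + term + "%' ORDER BY id"
    return [r[0] for r in db.execute(sql)]

def search_bound(db, term):
    # Hardened pattern: the term is passed as a bound parameter and is only
    # ever treated as data. LIKE wildcards are escaped so they match literally.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT id FROM comments WHERE body LIKE ? ESCAPE '\\' ORDER BY id"
    return [r[0] for r in db.execute(sql, ("%" + esc + "%",))]

def compare(term):
    # Run the same term through both versions against a fresh database.
    db = make_db()
    try:
        concat = search_concat(db, term)
    except sqlite3.Error as exc:
        concat = "error: " + type(exc).__name__
    return concat, search_bound(db, term)

if __name__ == "__main__":
    # Constructed inputs: a plain word, a word with an apostrophe, and a
    # term whose quotes rewrite the WHERE clause of the concatenated query.
    for term in ["agree", "it's", "zzz%' OR '1%'='1"]:
        print(repr(term), compare(term))
```

A database error on an ordinary apostrophe, as the concatenated version produces here, is a useful signal when reviewing a search handler for this flaw.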
