critical threat

eNdonesia Portal 8.7 SQL Injection Vulnerability (CVE-2018-25406)

eNdonesia Portal 8.7 is vulnerable to SQL injection (CVE-2018-25406), allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through specific parameters, potentially leading to data exfiltration.

eNdonesia Portal version 8.7 is vulnerable to SQL injection attacks. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the artid, cid, did, contid, and aboutid parameters in mod.php. The vulnerability exists across multiple modules, including publisher, diskusi, galeri, content, and about. Successful exploitation can lead to the extraction of sensitive information such as database credentials, usernames, and version information, potentially compromising the entire portal and its underlying database. This vulnerability was reported and assigned CVE-2018-25406.

Attack Chain

  1. An unauthenticated attacker identifies an eNdonesia Portal 8.7 instance.
  2. The attacker crafts a malicious HTTP GET or POST request targeting the mod.php script.
  3. The attacker injects SQL code into one of the vulnerable parameters: artid, cid, did, contid, or aboutid.
  4. The crafted request is sent to the eNdonesia Portal server.
  5. The server processes the malicious SQL query without proper sanitization.
  6. The injected SQL runs as part of the database query, letting the attacker execute arbitrary SQL against the portal's database.
  7. Sensitive data, such as database credentials or user information, is extracted by the attacker through the SQL query.
  8. The attacker uses the extracted information for further malicious activities, potentially gaining complete control of the system.

Impact

Successful exploitation of this SQL injection vulnerability (CVE-2018-25406) can lead to the compromise of the eNdonesia Portal and its underlying database. Attackers can extract sensitive information such as database credentials, usernames, and version information. This can result in data breaches, unauthorized access to administrative accounts, and potential defacement or complete takeover of the eNdonesia Portal. Due to the unauthenticated nature of the vulnerability, any publicly accessible instance of eNdonesia Portal 8.7 is at risk.

Recommendation

  • Apply appropriate input validation and sanitization techniques to all user-supplied input, specifically targeting the artid, cid, did, contid, and aboutid parameters in mod.php.
  • Deploy the Sigma rule to detect SQL injection attempts against eNdonesia Portal 8.7 in web server logs.
  • Upgrade to a patched version of eNdonesia Portal that addresses the CVE-2018-25406 vulnerability.

Detection coverage (2 rules)

Detect CVE-2018-25406 Exploitation — SQL Injection in eNdonesia Portal

critical

Detects CVE-2018-25406 exploitation — SQL injection attempts targeting the artid, cid, did, contid, and aboutid parameters in eNdonesia Portal's mod.php.

sigma | tactics: initial_access | techniques: T1190 | sources: webserver

Detect Potential SQL Injection in eNdonesia Portal Parameters

high

Detects potential SQL injection attempts by looking for common SQL keywords in the artid, cid, did, contid, and aboutid parameters of mod.php.

sigma | tactics: initial_access | techniques: T1190 | sources: webserver
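The keyword-based check that the second rule describes can be sketched as a small access-log scanner. This is an added example, not the platform's Sigma rule or code from the advisory; the keyword list, the common/combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Script and parameters named in the advisory.
TARGET_SCRIPT = "/mod.php"
WATCHED_PARAMS = {"artid", "cid", "did", "contid", "aboutid"}

# Assumption: illustrative keyword and metacharacter list, not the platform's rule.
SQLI_PATTERN = re.compile(
    r"(?i)\b(?:union|select|insert|update|delete|drop|sleep|benchmark|concat|"
    r"information_schema|or|and)\b|--|/\*|[;#'\x22]"
)

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return (param, decoded_value) pairs in a mod.php request that look like SQLi."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group("target"))
    if not url.path.lower().endswith(TARGET_SCRIPT):
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = unquote_plus(value)  # second pass catches double-encoded input
        if name.lower() in WATCHED_PARAMS and SQLI_PATTERN.search(decoded):
            hits.append((name, decoded))
    return hits


# Constructed sample log lines (documentation IP range, made-up requests).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /mod.php?artid=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /mod.php?cid=3%27%20UNION%20SELECT%20NULL--%20- HTTP/1.1" 200 734',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /mod.php?did=1%2527%2520OR%25201%253D1 HTTP/1.1" 200 734',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?artid=1%27 HTTP/1.1" 200 900',
    '203.0.113.9 - - [01/Jan/2024:10:01:02 +0000] "GET /mod.php?q=select+shoes HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for param, value in suspicious_params(line):
            print(f"ALERT {param}={value!r} <- {line.split()[0]}")
```

Access logs normally record only the query string, so injection delivered in a POST body is invisible to this check unless request bodies are logged or inspected elsewhere, for example at a WAF.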
