CVE-2017-17622
📋 TL;DR
This vulnerability allows attackers to execute arbitrary SQL commands via the 'sort' parameter in exams.php in Online Exam Test Application Script 1.6. This affects any organization using this specific version of the web application. Attackers can potentially access, modify, or delete database content.
💻 Affected Systems
- Online Exam Test Application Script
📦 What is this software?
Online Exam Test Application Script by Online Exam Test Application Script Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution if database permissions allow.
Likely Case
Unauthorized data access, data exfiltration, and potential privilege escalation within the application.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.
🎯 Exploit Status
Multiple public exploit scripts available. No authentication required to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown - No official patch identified
Vendor Advisory: No vendor advisory found
Restart Required: No
Instructions:
1. Review application source code
2. Implement parameterized queries for all database operations
3. Add input validation for the sort parameter
4. Test thoroughly before deployment
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation that accepts only a fixed allowlist of safe values for the sort parameter (a column name used in ORDER BY cannot be bound as a query parameter, so an allowlist is the right control here)
// PHP example: if (!in_array($_GET['sort'] ?? '', ['safe_value1', 'safe_value2'], true)) { die('Invalid parameter'); }
Web Application Firewall Rule
Block SQL injection patterns in the sort parameter at the WAF
ModSecurity rule: SecRule ARGS:sort "@detectSQLi" "id:1001,phase:2,deny,status:403"
🧯 If You Can't Patch
- Implement a Web Application Firewall (WAF) with SQL injection detection rules
- Restrict network access to only trusted IP addresses
🔍 How to Verify
Check if Vulnerable:
Test the exams.php endpoint with SQL injection payloads in the sort parameter (e.g., sort=1' OR '1'='1)
Check Version:
Check application files for version information or review source code comments
Verify Fix Applied:
Attempt SQL injection tests and verify they are blocked or sanitized
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple failed login attempts following SQL injection patterns
- Unexpected database queries
Network Indicators:
- HTTP requests with SQL keywords in sort parameter
- Unusual database traffic patterns
SIEM Query:
source="web_logs" AND uri="*exams.php*" AND (query="*sort=*'*" OR query="*sort=*%27*")
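The SIEM query above only matches a literal or URL-encoded single quote. The following added example (not code from the advisory or the vendor) runs the same check over constructed access-log lines and goes a step further: it URL-decodes the sort value twice to catch double-encoding, flags SQL keywords, and reports any value outside an assumed allowlist of sort columns (ALLOWED_SORT and SQL_KEYWORDS are assumptions to adapt to the deployment).

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines (combined log format, abbreviated); not real traffic.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /exams.php?sort=title HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /exams.php?sort=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9811',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /exams.php?sort=id+UNION+SELECT+1,2,3 HTTP/1.1" 500 0',
    '10.0.0.8 - - [01/Jan/2024:10:00:03 +0000] "GET /results.php?sort=1%27 HTTP/1.1" 200 100',
    '10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /exams.php?page=2 HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/')
# Assumed keyword list; tune to the false-positive rate of the deployment.
SQL_KEYWORDS = re.compile(r"\b(union|select|or|and|sleep|benchmark|drop|insert|update)\b", re.I)
# Assumed set of legitimate sort columns for this application.
ALLOWED_SORT = {"title", "date", "id"}


def classify_sort(value):
    """Return a reason string if a sort value looks like injection, else None."""
    decoded = unquote_plus(unquote_plus(value))  # second pass catches %2527-style double-encoding
    if "'" in decoded or '"' in decoded:
        return "quote in sort value"
    if SQL_KEYWORDS.search(decoded):
        return "sql keyword in sort value"
    if decoded not in ALLOWED_SORT:
        return "sort value outside allowlist"
    return None


def scan_logs(lines):
    """Return one finding per suspicious sort= value sent to exams.php."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("exams.php"):
            continue  # only the vulnerable endpoint is of interest
        for value in parse_qs(url.query, keep_blank_values=True).get("sort", []):
            reason = classify_sort(value)
            if reason:
                hits.append({"client": line.split()[0], "sort": value, "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(hit)
```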
🔗 References
- https://packetstormsecurity.com/files/145329/Online-Exam-Test-Application-Script-1.6-SQL-Injection.html
- https://packetstormsecurity.com/files/145334/Online-Exam-Test-Application-Script-1.6-SQL-Injection.html
- https://www.exploit-db.com/exploits/43291/