CVE-2017-17779

9.8 CRITICAL

📋 TL;DR

CVE-2017-17779 is a SQL injection vulnerability in Paid To Read Script 2.0.5 that allows attackers to execute arbitrary SQL commands via the referrals.php id parameter. Every website running this specific version of the script is affected, and exploitation can compromise the entire database.

💻 Affected Systems

Products:
  • Paid To Read Script
Versions: 2.0.5
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Confirmed only for Paid To Read Script version 2.0.5. Earlier versions may also be vulnerable, but this is not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution through database functions.

🟠 Likely Case

Database information disclosure, including user credentials, payment information, and sensitive business data.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH - The vulnerability is in a web-accessible script that can be exploited remotely without authentication.
🏢 Internal Only: LOW - The script is designed for public web access, making internal-only exploitation unlikely.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via GET parameter makes exploitation trivial with standard SQLi tools. Public proof-of-concept exists in the GitHub references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

1. Check if you're running Paid To Read Script 2.0.5
2. Replace vulnerable referrals.php file with patched version if available
3. Implement parameterized queries in all database interactions
4. Update to latest version if newer exists

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to sanitize the id parameter before processing

Edit referrals.php and add: $id = intval($_GET['id']); before SQL query

WAF Rule

all

Implement web application firewall rules to block SQL injection patterns

ModSecurity rule: SecRule ARGS_GET:id "@detectSQLi" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Disable or remove referrals.php file if not essential
  • Implement network-level blocking to restrict access to vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Check if referrals.php exists and examine version in script headers or configuration files. Test with SQL injection payload: referrals.php?id=1' OR '1'='1

Check Version:

grep -r 'version\|Version' /path/to/paid-to-read-script/ | grep -F '2.0.5'

Verify Fix Applied:

Test with SQL injection payloads after applying fixes. Use automated SQLi scanners or manual testing with error-based payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in web server logs
  • Multiple requests to referrals.php with SQL syntax in parameters
  • Database error messages containing SQL fragments

Network Indicators:

  • HTTP requests to referrals.php with SQL keywords (UNION, SELECT, etc.) in parameters
  • Abnormal database query patterns from web server

SIEM Query:

source="web_logs" AND uri="*referrals.php*" AND (param="*id=*'*" OR param="*id=*%27*")
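
The log indicators above can be checked offline with a stricter rule than the quote match in the SIEM query. The following is an added example, not code from the advisory or the vendor: it assumes Apache/nginx combined-format access logs and, following the intval() workaround, that a legitimate id is always a plain integer. The log lines and the names classify_id, scan and SAMPLE_LOG are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Assumed input: Apache/nginx "combined" access log lines.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
SQL_HINTS = re.compile(r"(?i)\b(union|select)\b|--|/\*|['\"]")

def classify_id(value):
    """Return None when id is a plain integer, else the reason it was flagged."""
    for _ in range(3):  # peel extra encoding layers such as %2527
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    if value.isascii() and value.isdigit():
        return None
    return "sql-syntax" if SQL_HINTS.search(value) else "non-numeric"

def scan(lines):
    """Return (line_no, client_ip, reason, status) for suspicious referrals.php hits."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/referrals.php"):
            continue
        # parse_qs performs the first URL-decoding pass on each value.
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
            reason = classify_id(raw)
            if reason:
                findings.append((line_no, m["ip"], reason, int(m["status"])))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jan/2018:10:01:02 +0000] "GET /referrals.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jan/2018:10:01:05 +0000] "GET /referrals.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48211 "-" "curl/7.58.0"',
    '198.51.100.9 - - [12/Jan/2018:10:01:06 +0000] "GET /referrals.php?id=1%2527 HTTP/1.1" 500 312 "-" "curl/7.58.0"',
    '203.0.113.7 - - [12/Jan/2018:10:01:09 +0000] "GET /referrals.php?id=abc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jan/2018:10:01:11 +0000] "GET /index.php?id=1%27 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A flagged request that returned status 200 with an unusually large response is worth triaging first, since it may indicate data was returned rather than an error.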

🔗 References
