CVE-2023-1606
📋 TL;DR
This is a SQL injection vulnerability in novel-plus 3.6.2 that allows remote attackers to execute arbitrary SQL commands via the 'orderby' (sort order) parameter handled by DictController.java. Because the value is used to build the ORDER BY clause of a query, an attacker who controls it can read, modify, or delete database contents, depending on the privileges of the application's database account. All novel-plus 3.6.2 installations that expose the vulnerable component are affected.
💻 Affected Systems
- novel-plus
📦 What is this software?
Novel Plus (novel-plus) by Xxyopen, an open-source Java web application for publishing and reading online novels. The affected code is the DictController.java controller, which accepts a client-supplied sort order for dictionary listings.
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the application database, including theft or destruction of all data, and escalation to remote code execution where the database account is over-privileged (for example, if it is allowed to write files on the database host or execute OS-level functions).
Likely Case
Unauthorized data access and extraction from the database, potentially including user credentials and sensitive application data.
If Mitigated
Limited impact due to proper input validation, parameterized queries, and database permission restrictions.
🎯 Exploit Status
Public proof-of-concept exists, making exploitation straightforward for attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: Yes
Instructions:
1. Check for an official patch from the novel-plus developers.
2. If a patch is available, download and apply it.
3. Restart the novel-plus application.
4. Verify the fix by testing the vulnerable endpoint.
🔧 Temporary Workarounds
Input Validation Filter
Add input validation that rejects any 'orderby' value that is not an expected column name before the value reaches the query. A character-class check is a minimal stop-gap; an explicit allow-list of permitted column names is stronger. If the parameter legitimately carries a direction (for example "id desc"), extend the check to accept exactly that form rather than loosening it to arbitrary text.
# Modify DictController.java to validate the orderby parameter
# Example: if (!orderby.matches("^[a-zA-Z0-9_]+$")) { throw new IllegalArgumentException("invalid orderby"); }
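The following is an added example, not code from novel-plus, showing why an ORDER BY parameter cannot be fixed with a bind variable and how to allow-list it instead. Identifiers cannot be bound with `?` placeholders (and MyBatis `${}` substitution interpolates text unescaped), so the application must map the client-supplied sort key to a column name it controls. The table and column names (sys_dict, dict_name, create_time) and the sample inputs are assumptions constructed for the example.

```java
import java.util.Locale;
import java.util.Map;

// Added example (not novel-plus code): vulnerable ORDER BY concatenation
// beside an allow-list mapping that only emits application-controlled SQL.
public class OrderByAllowList {

    // Vulnerable pattern: the raw request parameter is concatenated into the
    // ORDER BY clause. Bind parameters cannot be used for identifiers, so any
    // SQL syntax in 'orderby' becomes part of the statement.
    static String vulnerableQuery(String orderby) {
        return "SELECT id, dict_name FROM sys_dict ORDER BY " + orderby;
    }

    // Hardened pattern: client-visible sort keys map to column names the
    // application owns. Table/column names are assumptions for the example.
    private static final Map<String, String> SORT_COLUMNS = Map.of(
            "id", "id",
            "name", "dict_name",
            "created", "create_time");

    // Accepts "key" or "key asc|desc" and returns a clause built only from
    // allow-listed tokens; everything else is rejected outright.
    static String safeOrderBy(String orderby) {
        if (orderby == null || orderby.isBlank()) {
            return "id ASC"; // fixed default, never derived from input
        }
        String[] parts = orderby.trim().split("\\s+");
        if (parts.length > 2) {
            throw new IllegalArgumentException("invalid orderby");
        }
        String column = SORT_COLUMNS.get(parts[0].toLowerCase(Locale.ROOT));
        if (column == null) {
            throw new IllegalArgumentException("invalid orderby");
        }
        String direction = "ASC";
        if (parts.length == 2) {
            switch (parts[1].toLowerCase(Locale.ROOT)) {
                case "asc":  direction = "ASC";  break;
                case "desc": direction = "DESC"; break;
                default: throw new IllegalArgumentException("invalid orderby");
            }
        }
        return column + " " + direction;
    }

    static String safeQuery(String orderby) {
        return "SELECT id, dict_name FROM sys_dict ORDER BY " + safeOrderBy(orderby);
    }

    public static void main(String[] args) {
        // Constructed inputs: two legitimate sort requests and two probes.
        String[] inputs = {
            "name desc",
            "id",
            "id;DROP TABLE sys_dict",
            "(SELECT CASE WHEN 1=1 THEN id ELSE dict_name END)"
        };
        for (String in : inputs) {
            System.out.println("input      : " + in);
            System.out.println("vulnerable : " + vulnerableQuery(in));
            try {
                System.out.println("hardened   : " + safeQuery(in));
            } catch (IllegalArgumentException e) {
                System.out.println("hardened   : rejected (" + e.getMessage() + ")");
            }
            System.out.println();
        }
    }
}
```

Compile and run with `javac OrderByAllowList.java && java OrderByAllowList` (Java 11 or newer). The two probes reach the database verbatim in the vulnerable form and are rejected before any SQL is built in the hardened form; note that the hardened clause never contains a single character that came from the request.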
Web Application Firewall
Deploy a WAF with SQL injection rules in front of the application to block malicious orderby parameter values. The @detectSQLi operator (libinjection) catches most generic payloads but is not a complete fix; expect some false positives and tune the rule against legitimate traffic before enforcing.
# Configure the WAF to block SQL injection patterns in the orderby parameter
# Example ModSecurity rule: SecRule ARGS:orderby "@detectSQLi" "id:1001,phase:2,t:none,t:urlDecodeUni,log,deny,status:403"
🧯 If You Can't Patch
- Implement network segmentation to restrict access to novel-plus application from untrusted networks.
- Enable database auditing and monitoring to detect SQL injection attempts and unusual database queries.
🔍 How to Verify
Check if Vulnerable:
On a system you are authorized to test, request the vulnerable endpoint once with a legitimate column name in the orderby parameter and once with a value containing SQL syntax (a quote, comment sequence, or subquery), then compare the responses. A database error, a changed result ordering, or a measurable response delay on the second request indicates the value is being interpolated into the query. A 3.6.2 installation without the workarounds in place should be treated as vulnerable regardless of the test outcome.
Check Version:
Check the novel-plus version in the application configuration or about page. For a source checkout, the project version is declared in the Maven pom.xml; for a deployed build, check the jar file name or its manifest. On Linux you can also search the configuration directory: grep -r "version" /path/to/novel-plus/config/
Verify Fix Applied:
After applying fixes, test with the same SQL injection payloads and verify they are rejected or properly sanitized without affecting functionality.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple requests with SQL keywords in orderby parameter
- Database query errors containing malicious SQL fragments
Network Indicators:
- HTTP requests containing SQL injection patterns in orderby parameter
- Unusual database query patterns from application server
SIEM Query:
source="novel-plus.logs" AND ("orderby" AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE" OR "UPDATE" OR "--" OR "'" OR ";"))
Tune this before alerting on it: match on the URL-decoded value of the orderby parameter rather than the raw request line (an encoded %27 or %20UNION%20 contains none of the literal strings above), and expect noise from the bare quote and "--" terms. A tighter rule alerts on any orderby value that is not a plain column name with an optional asc/desc suffix, since that is the only shape a legitimate sort parameter takes.
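As an added example (not part of the original advisory or of novel-plus), the following scanner applies the log indicators above to constructed access-log lines. It URL-decodes the orderby value before matching, then flags anything that is not a plain column name with an optional direction, labelling hits that also contain SQL syntax separately so they can be prioritized. The log layout, request paths and IP addresses are assumptions made up for the example.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (not novel-plus code): detect suspicious 'orderby' values in
// web access logs. Requires Java 16+ for the record type.
public class OrderByLogScan {

    // Constructed sample lines in a common access-log layout; paths, IPs and
    // payloads are illustrative, not captured traffic.
    static final String[] SAMPLE_LOG = {
        "10.0.0.5 - - [10/Mar/2023:10:00:01 +0000] \"GET /admin/dict/list?orderby=id%20desc HTTP/1.1\" 200 512",
        "10.0.0.9 - - [10/Mar/2023:10:00:07 +0000] \"GET /admin/dict/list?orderby=id%27%20AND%20SLEEP%285%29--%20 HTTP/1.1\" 500 0",
        "10.0.0.9 - - [10/Mar/2023:10:00:09 +0000] \"GET /admin/dict/list?orderby=(SELECT%201%20UNION%20SELECT%202) HTTP/1.1\" 200 498",
        "10.0.0.3 - - [10/Mar/2023:10:00:11 +0000] \"GET /admin/dict/list?orderby=id,dict_name HTTP/1.1\" 200 520",
        "10.0.0.7 - - [10/Mar/2023:10:00:12 +0000] \"GET /book/search?keyword=select HTTP/1.1\" 200 2048",
    };

    // Client IP, timestamp, request target and status from a combined-format line.
    static final Pattern REQUEST = Pattern.compile(
            "^(\\S+) \\S+ \\S+ \\[([^\\]]+)\\] \"(?:GET|POST) (\\S+) [^\"]*\" (\\d{3})");
    static final Pattern ORDERBY = Pattern.compile("[?&]orderby=([^&\\s\"]*)");
    // The only shape a legitimate sort parameter takes: column, optional direction.
    static final Pattern EXPECTED = Pattern.compile("(?i)^[a-z0-9_]+(\\s+(asc|desc))?$");
    // Strong indicators that deserve a higher-severity alert.
    static final Pattern SQL_SYNTAX = Pattern.compile(
            "(?i)\\b(union|select|sleep|benchmark|case|from)\\b|--|;|'|/\\*");

    record Finding(String ip, String time, String decoded, String status, String reason) {}

    static List<Finding> scan(String[] lines) {
        List<Finding> out = new ArrayList<>();
        for (String line : lines) {
            Matcher m = REQUEST.matcher(line);
            if (!m.find()) continue;
            Matcher o = ORDERBY.matcher(m.group(3));
            if (!o.find()) continue; // request does not carry the parameter
            String decoded;
            try {
                // Decode first: %27 or %20UNION%20 never contain the literal
                // characters a raw-string SIEM query looks for.
                decoded = URLDecoder.decode(o.group(1), StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                decoded = o.group(1); // malformed escape; keep raw and flag below
            }
            if (EXPECTED.matcher(decoded).matches()) continue; // benign sort
            String reason = SQL_SYNTAX.matcher(decoded).find() ? "sql-syntax" : "unexpected-format";
            out.add(new Finding(m.group(1), m.group(2), decoded, m.group(4), reason));
        }
        return out;
    }

    public static void main(String[] args) {
        for (Finding f : scan(SAMPLE_LOG)) {
            System.out.printf("%-17s %-26s status=%s %-17s orderby=%s%n",
                    f.reason(), f.time(), f.status(), f.ip(), f.decoded());
        }
    }
}
```

Run with `javac OrderByLogScan.java && java OrderByLogScan`. The first line (a decoded "id desc") and the last line (no orderby parameter, even though it contains "select") produce no finding; the two probes are reported as sql-syntax, and the comma-separated multi-column sort is reported as unexpected-format. If the application legitimately accepts multi-column sorting, widen EXPECTED accordingly rather than relaxing SQL_SYNTAX, so the rule keeps its low false-positive rate on the shape of the value instead of relying on keyword spotting.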