Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-2531. PoCs published by Eric Flokstra.
AI-analyzed exploit summary
This exploit demonstrates a SQL injection vulnerability in InterWorx Web Control Panel by manipulating the 'i' parameter in a POST request to /xhr.php. The payload uses a CASE statement to conditionally sort data based on the first character of the MySQL version, proving lack of input validation.
Description
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx, (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.