SQL injection vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to execute arbitrary SQL commands via the txtFrom parameter.
Vulnerability Path : http://127.0
This vulnerability is a boolean-based blind SQL injection.
First I visited a link to find a SQL query error message.
The error message is:
Syntax error in query expression '([From] Not Like '%esmhome.com%' And [From] Like '%google%' AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0 AND '%''='%' And True And True ) ORDER BY [id] DESC;'.
/sanadata/seo/index.asp, line 92
When we visit the link
the returned result is true.
Then, visiting the link, the result is false.
So I can confirm there is a boolean-based blind SQL injection vulnerability.
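
The true/false behaviour described above comes from txtFrom being pasted into the Like string literal seen in the error message. The following is an added example, not code from SanaCMS or from the original report: it rebuilds that query shape against an in-memory SQLite table (the table name seo_log, the sample rows and the 1=1 / 1=2 probe strings are constructed assumptions) and shows that binding the value as a parameter removes the boolean oracle.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table name "seo_log" is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE seo_log ([id] INTEGER PRIMARY KEY, [From] TEXT)")
    db.executemany("INSERT INTO seo_log ([From]) VALUES (?)",
                   [("http://www.google.com/search?q=cms",),
                    ("http://www.esmhome.com/",),
                    ("http://example.org/google-link",)])
    return db

def search_concatenated(db, txt_from):
    # Vulnerable pattern: txtFrom becomes part of the SQL text itself.
    sql = ("SELECT [id] FROM seo_log WHERE ([From] Not Like '%esmhome.com%' "
           "And [From] Like '%" + txt_from + "%') ORDER BY [id] DESC")
    return [row[0] for row in db.execute(sql)]

def escape_like(value):
    # Make %, _ and the escape character literal inside a LIKE pattern.
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def search_parameterized(db, txt_from):
    # Hardened pattern: the value is bound, so quotes in it stay data.
    sql = ("SELECT [id] FROM seo_log WHERE ([From] Not Like '%esmhome.com%' "
           "And [From] Like ? ESCAPE '\\') ORDER BY [id] DESC")
    pattern = "%" + escape_like(txt_from) + "%"
    return [row[0] for row in db.execute(sql, (pattern,))]

# Constructed regression probes: same prefix, one true and one false condition.
TRUE_PROBE = "google%' AND 1=1 AND '%'='"
FALSE_PROBE = "google%' AND 1=2 AND '%'='"

def leaks_boolean(search, db):
    # A blind oracle exists when the two probes produce different results.
    return search(db, TRUE_PROBE) != search(db, FALSE_PROBE)

if __name__ == "__main__":
    db = make_db()
    print("concatenated leaks:", leaks_boolean(search_concatenated, db))
    print("parameterized leaks:", leaks_boolean(search_parameterized, db))
    print("normal search:", search_parameterized(db, "google"))
```

The same probe pair can be kept as a regression test after the fix: both probes must return the same (empty) result while an ordinary value such as google still matches.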