Skip to content
Permalink
gh-pages
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
layout title description tags
post
CVE-2021-3018 - IPeakCMS v3.5 SQLi
IPeak CMS Blind SQLi version 3.5
exploits bugbounty

Hi there!, this will be short explaination of the vulnerability I've found at IPeakCMS 3.5 which is SQLi and it's Blind so let's begin ...

Discovered by : Mohammed Fadhl Al-Barbari aka @m4dm0e

CVE-ID : CVE-2021-3018

Vulnerable endpoint/script : site.com/cms/print.php

Injection type : Boolean-based blind

Tested on : IPeakCMS 3.5

Injection tool : SQLmap 1.3.2

Injection tool : SQLmap 1.3.2

Screeshot POC :

image

More info :

I think this is all i need to proof until the Bug is patched!

Thanks for reading this.