1.Information
Exploit Title: IonizeCMS-V1.0.8.1-Unverified POST request parameters lead to SQL injection
Exploit date: 11.04.2022
Exploit Author: ericfrank900528@gmail.com
Vendor Homepage: https://github.com/ionize/ionize
Affected Version: V1.0.8.1
Description: SQL injection in Ionize CMS 1.0.8.1 allows attackers to execute commands remotely via a SQL injection request from the client.
2.Vulnerability Description
The vulnerable code is located in the project's application/models/article_model.php file.
In the shift_article_ordering method, the code is as follows.
The POST parameter id_page is spliced into the SQL statement without any processing or inspection, resulting in a SQL injection vulnerability.
3.How to Exploit
3.1 Construct a normal packet and send it. In the image below, you can see that there is a 2 second network delay.
3.2 Construct the injected data to execute sleep(1). It can be found that the delay is more than 4 seconds. It is speculated that there are 4 records in total, so sleep(1) is executed 4 times.
3.3 Construct the injection again to execute sleep(3), this time with a delay of 2 + 4*3 = 14 seconds if the guess is correct.
4.Suggestion
Validate the parameters in the POST request to avoid SQL injection.