wtorek, 25 lipca 2017

GeniXCMS SQL Injection quick autopsy - part 2

In the middle of time I was looking for another CVE with a bug described as SQL Injection. Below you will find more details about it.

I found the information about the vulnerability here. Below you can also find it on the screen:


This time we will check CVE-2017-8377. 

As you can see I tried to write proof of concept for version 1.0.1:



Advisory is talking about 1.0.2 but it looks like the poc will work also for other version:


Of course you can change the payload to extract something else. Below example for the user():


Poc is available on my github. In case of any questions, feel free to mail me or find me @twitter.

Cheers

Brak komentarzy:

Prześlij komentarz