After my last CTF I found one new SQL injection in CMS called GeniXCMS. Below few details about the bug.
Here you will find first link I found about it.
I decided to find and read mentioned CVE.
Soft grabbed from sourceforge:
Surprisingly I found few more details about the bug in CVE. ;]
Great! ;] We're ready to check it now (by the way, there is also a poc-request
We're logged-in as an admin user. Session cookie's grabbed by Burp, so we can test this request:
Seems nice ;]
Should be enough to prepare a working poc ;)