Hey folks, today we will show you (PoC) of “Gila CMS 1.11.8 – ‘query’ SQL Injection” vulnerability. The get parameter “query” is vulnerable, hence we will use the SQL injection tool ๐Ÿ’‰ to retrieve the database.

About the Vulnerability

  • Exploit Author: Carlos Ramรญrez L. (BillyV4)
  • Vendor Homepage: https://gilacms.com/
  • Version: Gila 1.11.8
  • CVE : CVE-2020-5515

Vulnerability Setup

Full Proof of Concept

Step -1

Step -2

Usage ๐Ÿ™‚ < sqlmap > -r <burpsuite capture file > –dbs –level=5 –risk=3

Step -3

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Conact on Linkedin.

One thought on “Exploit Gila CMS 1.11.8 – ‘query’ SQL Injection (PoC)”

  1. Secnhack blogs are helping me alot to learn Pentesting and bug hunting. Hope it will continue in the future with good contents and simply explained articles.

Leave a Reply