
Hey folks, today we will show you a proof of concept (PoC) of the “Gila CMS 1.11.8 – ‘query’ SQL Injection” vulnerability. The GET parameter “query” is vulnerable, so we will use the SQL injection tool 💉 to retrieve the database.

About the Vulnerability

  • Exploit Author: Carlos Ramírez L. (BillyV4)
  • Vendor Homepage: https://gilacms.com/
  • Version: Gila 1.11.8
  • CVE: CVE-2020-5515

Vulnerability Setup

Full Proof of Concept

Step -1

Step -2

Usage 🙂 sqlmap -r <burpsuite capture file> --dbs --level=5 --risk=3

Step -3
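For defenders: a scan like the one in Step 2 replays the headers from the captured request, so the User-Agent in the access log can look like an ordinary browser, and detection has to look at the decoded value of the “query” parameter instead. The following is an added example, not code from the original post or from Gila CMS; the log lines, path and IP addresses are constructed, and only the parameter name comes from the article.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format). The path, IPs and
# payloads are made up for the example; only the parameter name "query"
# comes from the article.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2020:10:00:01 +0000] "GET /example/path?query=hello+world HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2020:10:00:02 +0000] "GET /example/path?query=1%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2020:10:00:02 +0000] "GET /example/path?query=1%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 200 498 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2020:10:00:08 +0000] "GET /example/path?query=1%20AND%20SLEEP%285%29 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2020:10:00:09 +0000] "GET /example/path?query=union+station+tickets HTTP/1.1" 200 640 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Jan/2020:10:00:10 +0000] "GET /example/path?page=2 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Client IP and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+"')

# Matched against the URL-decoded value, since scanners percent-encode payloads.
SQLI_RE = re.compile(r"""
      ['"]\s*(?:and|or)\b          # quote followed by a boolean test
    | \bunion\b.+\bselect\b        # UNION-based extraction
    | \b(?:sleep|benchmark)\s*\(   # time-based probes
    | \binformation_schema\b       # schema enumeration
""", re.I | re.X)


def suspicious_query_hits(log_text, param="query"):
    """Return {client_ip: [decoded values]} where `param` looks like SQL injection."""
    hits = {}
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target = m.groups()
        # parse_qs percent-decodes values and turns '+' into a space.
        for value in parse_qs(urlsplit(target).query).get(param, []):
            if SQLI_RE.search(value):
                hits.setdefault(ip, []).append(value)
    return hits


if __name__ == "__main__":
    for ip, values in suspicious_query_hits(SAMPLE_LOG).items():
        print(f"{ip}: {len(values)} suspicious 'query' values, e.g. {values[0]!r}")
```

A burst of such hits from one source within seconds is typical of an automated scan; the fix itself is upgrading Gila CMS past the affected version.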

About the Author
Shubham Goyal: Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be contacted on LinkedIn.

One thought on “Exploit Gila CMS 1.11.8 – ‘query’ SQL Injection (PoC)”

  1. Secnhack blogs are helping me a lot to learn Pentesting and bug hunting. Hope it will continue in the future with good contents and simply explained articles.
