Exploit Gila CMS 1.11.8 – ‘query’ SQL Injection (PoC)


Hey folks, today we will show you a proof of concept (PoC) of the “Gila CMS 1.11.8 – ‘query’ SQL Injection” vulnerability. The GET parameter “query” is vulnerable, so we will use a SQL injection tool 💉 to retrieve the database.

About the Vulnerability

  • Exploit Author: Carlos Ramírez L. (BillyV4)
  • Vendor Homepage: https://gilacms.com/
  • Version: Gila 1.11.8
  • CVE: CVE-2020-5515

Vulnerability Setup

Full Proof of Concept

Step -1

Step -2

Usage: sqlmap -r <burpsuite capture file> --dbs --level=5 --risk=3

Step -3
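Added example, not part of the original post or the exploit author's code: a defender-side check that scans web server access logs for the burst of injection probes an automated tool sends against the `query` GET parameter. The path `/cms/page`, the pattern list, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Strings typical of automated SQL injection probing (assumed, non-exhaustive).
SQLI_PATTERNS = re.compile(
    r"union\s+(all\s+)?select|information_schema|\bsleep\s*\(|\bbenchmark\s*\("
    r"|\b(and|or)\s+\d+\s*=\s*\d+|--\s|/\*",
    re.IGNORECASE,
)
# Client IP and request target from a combined-format access log line.
LOG_LINE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_query_hits(lines, param="query"):
    """Count, per client IP, requests whose `param` value matches SQLI_PATTERNS."""
    hits = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we can parse
        # parse_qs URL-decodes the values, so encoded payloads are matched too.
        values = parse_qs(urlsplit(m["target"]).query).get(param, [])
        if any(SQLI_PATTERNS.search(v) for v in values):
            hits[m["ip"]] += 1
    return hits


def flag_clients(lines, threshold=3):
    """Return IPs with at least `threshold` suspicious requests (assumed cut-off)."""
    return sorted(ip for ip, n in suspicious_query_hits(lines).items() if n >= threshold)


# Constructed sample log lines; /cms/page is a placeholder, not Gila's real route.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2020:10:00:01 +0000] "GET /cms/page?query=trade+union+news HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2020:10:00:02 +0000] "GET /cms/page?query=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2020:10:00:02 +0000] "GET /cms/page?query=1%20UNION%20ALL%20SELECT%20NULL--%20- HTTP/1.1" 500 88 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2020:10:00:03 +0000] "GET /cms/page?query=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [10/Jan/2020:10:05:00 +0000] "GET /cms/page?query=a%20or%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip in flag_clients(SAMPLE_LOG):
        print("possible automated SQL injection probing from", ip)
```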

About the Author
Shubham Goyal, Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be contacted on LinkedIn.
