Hey folks, today we will show you (PoC) of “Gila CMS 1.11.8 – ‘query’ SQL Injection” vulnerability. The get parameter “query” is vulnerable, hence we will use the SQL injection tool πŸ’‰ to retrieve the database.

About the Vulnerability

  • Exploit Author: Carlos RamΓ­rez L. (BillyV4)
  • Vendor Homepage: https://gilacms.com/
  • Version: Gila 1.11.8
  • CVE : CVE-2020-5515

Vulnerability Setup

Full Proof of Concept

Step -1

Step -2

Usage πŸ™‚ < sqlmap > -r <burpsuite capture file > –dbs –level=5 –risk=3

Step -3

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Conact on Linkedin.

One thought on “Exploit Gila CMS 1.11.8 – ‘query’ SQL Injection (PoC)”

  1. Secnhack blogs are helping me alot to learn Pentesting and bug hunting. Hope it will continue in the future with good contents and simply explained articles.

Leave a Reply

Your email address will not be published. Required fields are marked *