CVE-2021-3018 PoC — Ipeak Ibexwebcms SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-3018.yaml

Associated Vulnerability

Title:Ipeak Ibexwebcms SQL注入漏洞 (CVE-2021-3018)
Description:Ipeak Ibexwebcms是挪威Ipeak公司的一款用于预定住房的建站系统。 ipeak Infosystems ibexwebCMS (IPeakCMS) 3.5 存在SQL注入漏洞，该漏洞源于/cms/print.php页面id参数的未经验证。

Description

ipeak Infosystems ibexwebCMS 3.5 contains an unauthenticated Boolean-based SQL injection caused by unsanitized 'id' parameter in /cms/print.php, letting attackers execute arbitrary SQL commands, exploit requires no authentication.

File Snapshot


 id: CVE-2021-3018

info:
  name: IPeakCMS 3.5 - SQL Injection
  author: theamanrawat
  severity: cri

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!