{
    "id": "9c5505ac-dc05-4699-aa9b-055422b94c01",
    "name": "GeniX CMS SQLi",
    "slug": "genix-cms-sqli",
    "status": "published",
    "lab_type": "pta",
    "is_sample": false,
    "duration_in_seconds": 1800,
    "metadata": {
        "courses": [
            "657cf698-108b-45a3-993c-d8e238ebbfaf"
        ],
        "pta_sdn": "393",
        "collections": [],
        "pta_manual_id": "3755-24d7-fd4b-7bc9",
        "pta_namespace": "attackdefenselabs",
        "learning_paths": [],
        "has_published_parent": true
    },
    "session": null,
    "company": "a491bc32-c056-4946-9169-cc053387bada",
    "created": "2025-01-07T21:08:00.988741Z",
    "modified": "2025-01-07T21:38:35.453854Z",
    "is_beta": false,
    "lab_objectives": [],
    "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
    "learning_areas": [
        {
            "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
            "name": "Cyber Security",
            "slug": "cyber-security"
        }
    ],
    "categories": [],
    "tags": [],
    "difficulty": "professional",
    "is_web_access": false,
    "is_lab_experience": false,
    "is_featured": false,
    "cve": null,
    "severity": null,
    "year": null,
    "classification": null,
    "is_trackable": false,
    "cpe_credits": null,
    "is_skill_check": false,
    "external_url": "",
    "solution_video": null,
    "explanation_video": null,
    "description": "Welcome to the GeniX CMS SQLi lab! This lab is designed to teach you how to utilize SQLMap to identify and exploit a SQL Injection vulnerability in \"GeniX\" CMS.",
    "description_html": "<p>Welcome to the GeniX CMS SQLi lab! This lab is designed to teach you how to utilize SQLMap to identify and exploit a SQL Injection vulnerability in \"GeniX\" CMS.</p>",
    "tasks": "The objective of this lab is to demonstrate how to exploit a SQLi vulnerability in \"GeniX\" CMS with SQLMap. \n\nLab Tasks\n\n- Identify the SQL Injection vulnerability.\n- Exploit the SQL Injection vulnerability with SQLMap.\n- Enumerate information from the DBMS with SQLMap.",
    "tasks_html": "<p>The objective of this lab is to demonstrate how to exploit a SQLi vulnerability in \"GeniX\" CMS with SQLMap. </p>\n<p>Lab Tasks</p>\n<ul>\n<li>Identify the SQL Injection vulnerability.</li>\n<li>Exploit the SQL Injection vulnerability with SQLMap.</li>\n<li>Enumerate information from the DBMS with SQLMap.</li>\n</ul>",
    "published_date": "2025-01-07T21:38:35.453680Z",
    "solutions": "## Introduction\n\nThe objective of this lab is to demonstrate the exploitation of a SQL Injection (SQLi) vulnerability in the \"GeniX\" CMS using SQLMap.\n\nThe version of \"GeniX\" CMS deployed in the lab environment is vulnerable to a SQL Injection vulnerability identified as CVE-2015-3933.\n\n## Lab Guidelines\nAfter staring the lab, you will be provided with a URL to the target web application. This lab does not provide you with access to a Kali Linux system, as a result, you will need to perform the attacks on your own Kali Linux system or your host operating system.\n\nIn order to complete the Session Fixation challenge, you will require the following tools:\n- Burp Suite/OWASP ZAP\n- SQLMap\n\n\n> This lab can take over 2 minutes to load after opening the URL\n> \n\n\n---\n\n## Task 1: Identify The SQL Injection Vulnerability\n\n**Step 1: \u200bInspect the web application.**\n\n![image1](https://assets.ine.com/lab/learningpath/6d79d15bd5f6cbaf7a74c5ac5881a70a15f06f3fb35beb48287eff709fbaa374.png)\n\n\n**Step 2: \u200bSearch on google \u201cCVE-2015-3933\u201d.**\n\n![image4](https://assets.ine.com/lab/learningpath/6f12e1249a8c9096e174f074218f290e077f82e470f6dfe1aee2ca9a69962a93.png)\n\n\nThe exploit db link contains the steps to be followed to exploit the vulnerability.\n\nExploit DB Link: \u200bhttps://www.exploit-db.com/exploits/37363\n\n![image3](https://assets.ine.com/lab/learningpath/a483cd8b8e33df50f80ebbdcc193b6f3d42f687fd017d246915ea95900c292c4.png)\n\n\n**Step 3: \u200bNavigate to the registration page**\n\n![image2](https://assets.ine.com/lab/learningpath/2598db6a89d814963f737796c53b585108fd09bad391ea9c1d6963d976157395.png)\n\n**Step 4: \u200bInput any data in the fields and click on Submit. Intercept the request with burp suite.**\n\n![image7](https://assets.ine.com/lab/learningpath/82469e9946cccc1904016461c9e255ff6201f1bcd1a3e2da57d9761c1c97d091.png)\n\n**Step 5: \u200bRight-click and select \u201cCopy to file\u201d.**\n\n![image5](https://assets.ine.com/lab/learningpath/c52ded1e642ad9eb4af1f3a2621956a563487281faed01a97d9d80a6ba22d3d9.png)\n\nSave the file as **poc.txt**.\n\n![image0](https://assets.ine.com/lab/learningpath/d3bd9f70a931b89ef6a02a523476f99299d40e8c647cb01f9395337c51ce393c.png)\n\n\n## Task 2: Exploit The SQLi Vulnerability With SQLMap\n\n\u200bRun sqlmap while passing the poc.txt as argument to dump the database.\n\n**Command:**\n\n```\n\u200bsqlmap -r poc.txt --dbs -p userid --force-ssl\n```\n\nArguments:\n- it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific\nfor other DBMSes? [Y/n] [enter n]\n- for the remaining tests, do you want to include all tests for 'MySQL' extending provided\nlevel (1) and risk (1) values? [Y/n] [enter n]\n- POST parameter 'userid' is vulnerable. Do you want to keep testing the others (if any)?\n[y/N] [enter n]\n\n![image10](https://assets.ine.com/lab/learningpath/d11a2c722374cf0b0dd32470107a565ede0d804d782508a3553aea0557aaf29f.png)\n\n\n![image8](https://assets.ine.com/lab/learningpath/47fe4e8105152236cd3ce2acba1272a44c431949a287c3152b3943e95483c25f.png)\n\n\n![image9](https://assets.ine.com/lab/learningpath/d442771cc96e675a9ed20a580699c71f097cfb258c58315df64f0b0861b8cea1.png)\n\nThe Databases has been dumped by exploiting the vulnerability.\n\n\n## References:\n1. GeniXCMS (\u200bhttp://www.genixcms.org/\u200b)\n2. CVE-2015-3933 (\u200bhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3933\u200b)\n3. GeniXCMS 0.0.3 - 'register.php' SQL Injection\n(\u200bhttps://www.exploit-db.com/exploits/37363\u200b)",
    "solutions_html": "<h2>Introduction</h2>\n<p>The objective of this lab is to demonstrate the exploitation of a SQL Injection (SQLi) vulnerability in the \"GeniX\" CMS using SQLMap.</p>\n<p>The version of \"GeniX\" CMS deployed in the lab environment is vulnerable to a SQL Injection vulnerability identified as CVE-2015-3933.</p>\n<h2>Lab Guidelines</h2>\n<p>After staring the lab, you will be provided with a URL to the target web application. This lab does not provide you with access to a Kali Linux system, as a result, you will need to perform the attacks on your own Kali Linux system or your host operating system.</p>\n<p>In order to complete the Session Fixation challenge, you will require the following tools:\n- Burp Suite/OWASP ZAP\n- SQLMap</p>\n<blockquote>\n<p>This lab can take over 2 minutes to load after opening the URL\n</p>\n</blockquote>\n<hr />\n<h2>Task 1: Identify The SQL Injection Vulnerability</h2>\n<p><strong>Step 1: \u200bInspect the web application.</strong></p>\n<p><img alt=\"image1\" src=\"https://assets.ine.com/lab/learningpath/6d79d15bd5f6cbaf7a74c5ac5881a70a15f06f3fb35beb48287eff709fbaa374.png\" /></p>\n<p><strong>Step 2: \u200bSearch on google \u201cCVE-2015-3933\u201d.</strong></p>\n<p><img alt=\"image4\" src=\"https://assets.ine.com/lab/learningpath/6f12e1249a8c9096e174f074218f290e077f82e470f6dfe1aee2ca9a69962a93.png\" /></p>\n<p>The exploit db link contains the steps to be followed to exploit the vulnerability.</p>\n<p>Exploit DB Link: \u200bhttps://www.exploit-db.com/exploits/37363</p>\n<p><img alt=\"image3\" src=\"https://assets.ine.com/lab/learningpath/a483cd8b8e33df50f80ebbdcc193b6f3d42f687fd017d246915ea95900c292c4.png\" /></p>\n<p><strong>Step 3: \u200bNavigate to the registration page</strong></p>\n<p><img alt=\"image2\" src=\"https://assets.ine.com/lab/learningpath/2598db6a89d814963f737796c53b585108fd09bad391ea9c1d6963d976157395.png\" /></p>\n<p><strong>Step 4: \u200bInput any data in the fields and click on Submit. Intercept the request with burp suite.</strong></p>\n<p><img alt=\"image7\" src=\"https://assets.ine.com/lab/learningpath/82469e9946cccc1904016461c9e255ff6201f1bcd1a3e2da57d9761c1c97d091.png\" /></p>\n<p><strong>Step 5: \u200bRight-click and select \u201cCopy to file\u201d.</strong></p>\n<p><img alt=\"image5\" src=\"https://assets.ine.com/lab/learningpath/c52ded1e642ad9eb4af1f3a2621956a563487281faed01a97d9d80a6ba22d3d9.png\" /></p>\n<p>Save the file as <strong>poc.txt</strong>.</p>\n<p><img alt=\"image0\" src=\"https://assets.ine.com/lab/learningpath/d3bd9f70a931b89ef6a02a523476f99299d40e8c647cb01f9395337c51ce393c.png\" /></p>\n<h2>Task 2: Exploit The SQLi Vulnerability With SQLMap</h2>\n<p>\u200bRun sqlmap while passing the poc.txt as argument to dump the database.</p>\n<p><strong>Command:</strong></p>\n<pre class=\"codehilite\"><code>\u200bsqlmap -r poc.txt --dbs -p userid --force-ssl</code></pre>\n\n<p>Arguments:\n- it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific\nfor other DBMSes? [Y/n] [enter n]\n- for the remaining tests, do you want to include all tests for 'MySQL' extending provided\nlevel (1) and risk (1) values? [Y/n] [enter n]\n- POST parameter 'userid' is vulnerable. Do you want to keep testing the others (if any)?\n[y/N] [enter n]</p>\n<p><img alt=\"image10\" src=\"https://assets.ine.com/lab/learningpath/d11a2c722374cf0b0dd32470107a565ede0d804d782508a3553aea0557aaf29f.png\" /></p>\n<p><img alt=\"image8\" src=\"https://assets.ine.com/lab/learningpath/47fe4e8105152236cd3ce2acba1272a44c431949a287c3152b3943e95483c25f.png\" /></p>\n<p><img alt=\"image9\" src=\"https://assets.ine.com/lab/learningpath/d442771cc96e675a9ed20a580699c71f097cfb258c58315df64f0b0861b8cea1.png\" /></p>\n<p>The Databases has been dumped by exploiting the vulnerability.</p>\n<h2>References:</h2>\n<ol>\n<li>GeniXCMS (\u200bhttp://www.genixcms.org/\u200b)</li>\n<li>CVE-2015-3933 (\u200bhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3933\u200b)</li>\n<li>GeniXCMS 0.0.3 - 'register.php' SQL Injection\n(\u200bhttps://www.exploit-db.com/exploits/37363\u200b)</li>\n</ol>",
    "flags": [],
    "min_points_to_pass": null,
    "access_type": "default",
    "user_status": "unstarted",
    "user_lab_status": null,
    "user_status_modified": null,
    "user_flags": [],
    "global_running_session": null
}