SCRMS 2023-05-27 1.0 Multiple SQL Injection

2023.06.22
Credit: nu11secur1ty
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

## Exploit Title: SCRMS 2023-05-27 1.0 - Multiple SQLi ## Author: nu11secur1ty ## Date: 05.27.2023 ## Vendor: https://github.com/oretnom23 ## Software: https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html ## Reference: https://portswigger.net/web-security/sql-injection ## Description: The `email` parameter appears to be vulnerable to SQL injection attacks. The test payloads 45141002' or 6429=6429-- and 37491017' or 5206=5213-- were each submitted in the email parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. The attacker can easily steal all users and their passwords for access to the system. Even if they are strongly encrypted this will get some time, but this is not a problem for an attacker to decrypt if, if they are not enough strongly encrypted. STATUS: HIGH Vulnerability [+]Payload: ```mysql --- Parameter: email (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause Payload: email=-1544' OR 2326=2326-- eglC&password=c5K!k0k!T7&login= --- ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/SCRMS-2023-05-27-1.0) ## Proof and Exploit: [href](https://www.nu11secur1ty.com/2023/05/scrms-2023-05-27-10-multiple-sqli.html) ## Time spend: 01:00:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.html and https://www.exploit-db.com/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top