CVE-2023-24729: CVE/CVE-2023-24729.txt at main · rahulpatwari/CVE
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the address parameter in the user profile update function.
> [Suggested description]
> Simple Customer Relationship Management System v1.0 was discovered to
> contain a SQL injection vulnerability via the address parameter in the
> user profile update function.
>
> ------------------------------------------
>
> [Additional Information]
> Steps-To-Reproduce:
> 1. Now register a new user by navigating to the URL below.
> URL: http://localhost/php-scrm/registration.php
> 2. Now log in with the valid user credentials.
> URL: http://localhost/php-scrm/login.php
> 3. Now navigate to the profile update page by following the URL: http://localhost/php-scrm/profile.php
> 4. Now fill out your profile form, then intercept the request in Burp Suite.
> 5. Now send the intercepted request to Burp Repeater, insert a single quote after the address value to break the query, and send the request…
> Payload: address'
> 6. In the response you will see the error shown from SQL.
> 7. Now insert the single quote again to merge the query and send the request…
> Payload: address''
> 8. Now right-click the intercepted request, click the copy to file option, and create a file request.txt
> 9. Now fetch the current database with sqlmap.
> Command: sqlmap -r request.txt -p address --current-db --batch
> 10. Now dump all data with sqlmap.
> Command: sqlmap -r request.txt -p address --dump --batch
>
> ------------------------------------------
>
> [Vulnerability Type]
> SQL Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> https://www.sourcecodester.com
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Simple Customer Relationship Management (CRM) System - v 1.0
>
> ------------------------------------------
>
> [Affected Component]
> http://localhost/php-scrm/profile.php
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. An attacker can go around authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. They can also use SQL Injection to add, modify, and delete records in the database.
>
> SQL injection attacks can be used to perform a variety of malicious actions, including:
> 1. Extracting sensitive data from the database, such as passwords, financial information, or personal information.
> 2. Modifying or deleting data from the database, potentially causing incorrect results or system failures.
> 3. Executing arbitrary commands on the database server, such as shutting down the server or creating new user accounts.
> 4. Gaining unauthorized access to the underlying operating system and taking complete control of the server.
>
> ------------------------------------------
>
> [Reference]
> https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html
> https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-scrm.zip
>
> ------------------------------------------
>
> [Discoverer]
> Rahul Patwari

Use CVE-2023-24729.
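
The root cause behind the error in step 6 and the merged query in step 7, next to the parameterised fix, as an added example that is not part of the original advisory and is not the project's code. The `users` table, its columns and all function names are hypothetical, and an in-memory SQLite database accessed through PDO stands in for the application's real database.

```php
<?php
// Added illustration: table, columns and function names are hypothetical,
// and in-memory SQLite stands in for the application's real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, address TEXT)");
$db->exec("INSERT INTO users (id, address) VALUES (1, 'initial')");

// Vulnerable pattern: the request value becomes part of the SQL text.
function updateAddressUnsafe(PDO $db, int $id, string $address): string
{
    try {
        $db->exec("UPDATE users SET address = '" . $address . "' WHERE id = " . $id);
        return 'ok';
    } catch (PDOException $e) {
        return 'SQL error'; // a database error like the one reported in step 6
    }
}

// Hardened pattern: fixed SQL text, values sent as bound parameters.
function updateAddressSafe(PDO $db, int $id, string $address): string
{
    $stmt = $db->prepare('UPDATE users SET address = :address WHERE id = :id');
    $stmt->execute([':address' => $address, ':id' => $id]);
    return 'ok';
}

// Read back what the database actually stored for the given user.
function storedAddress(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT address FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed inputs: a street address with one and with two trailing quotes.
foreach (["12 Main St'", "12 Main St''"] as $input) {
    $unsafe = updateAddressUnsafe($db, 1, $input);
    printf("unsafe [%s] -> %s, stored: [%s]\n", $input, $unsafe, storedAddress($db, 1));
    $safe = updateAddressSafe($db, 1, $input);
    printf("safe   [%s] -> %s, stored: [%s]\n", $input, $safe, storedAddress($db, 1));
}
```

On the concatenating path the single quote yields a database error and the doubled quote is stored as one quote, which shows the input being parsed as SQL syntax. The bound-parameter path stores both inputs exactly as submitted.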