CVE-2023-24728: CVE/CVE-2023-24728.txt at main · rahulpatwari/CVE
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the contact parameter in the user profile update function.
> [Suggested description]
> Simple Customer Relationship Management System v1.0 was discovered to
> contain a SQL injection vulnerability via the contact parameter in the
> user profile update function.
>
> ------------------------------------------
>
> [Additional Information]
> Steps-To-Reproduce:
>
> 1. Now log in as a user with valid user credentials.
> URL: http://localhost/php-scrm/login.php
> 2. Now navigate to the “Request a Quote” page by following the URL: http://localhost/php-scrm/get-quote.php
> 3. Now fill out the required form fields, then intercept the request in Burp Suite.
> 4. Now send the burp suite intercepted request into the burp repeater and insert a single quote after the contact value to break the query and send the request.
> Payload: contact’
> 6. In the response you will see that no data is shown.
> 7. Now insert the single quote again to merge the query and send the request.
> Payload: contact’’
> 8. Now right-click and click on copy to file option on intercepted request and create a file request.txt
> 9. Now fetch current databases by sqlmap.
> Command: sqlmap -r requests.txt -p contact --current-db --batch
> 10. Now dump all data by sqlmap.
> Command: sqlmap -r requests.txt -p contact --dump --batch
>
> ------------------------------------------
>
> [Vulnerability Type]
> SQL Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> https://www.sourcecodester.com
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Simple Customer Relationship Management (CRM) System - v 1.0
>
> ------------------------------------------
>
> [Affected Component]
> http://localhost/php-scrm/get-quote.php
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. An attacker can go around authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. They can also use SQL Injection to add, modify, and delete records in the database.
>
> SQL injection attacks can be used to perform a variety of malicious actions, including:
> 1. Extracting sensitive data from the database, such as passwords, financial information, or personal information.
> 2. Modifying or deleting data from the database, potentially causing incorrect results or system failures.
> 3. Executing arbitrary commands on the database server, such as shutting down the server or creating new user accounts.
> 4. Gaining unauthorized access to the underlying operating system and taking complete control of the server.
>
> ------------------------------------------
>
> [Reference]
> https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html
> https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-scrm.zip
>
> ------------------------------------------
>
> [Discoverer]
> Rahul Patwari
Use CVE-2023-24728.
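
The single-quote behaviour in the reproduction steps is what a query built by string concatenation produces. As an added example (not the application's own code), the concatenated update is shown beside a prepared-statement version; the `users` table, the function names and the in-memory SQLite database standing in for the application's real database are all assumptions.

```php
<?php
// Added example: constructed schema and names, not the application's real code.
// In-memory SQLite stands in for the application's database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, contact TEXT)');
$db->exec("INSERT INTO users (id, contact) VALUES (1, '0000000000')");

// Vulnerable pattern: the contact value becomes part of the SQL text itself,
// so a quote character inside it changes how the statement is parsed.
function update_contact_concat(PDO $db, int $id, string $contact): string
{
    try {
        $db->exec("UPDATE users SET contact = '" . $contact . "' WHERE id = " . $id);
        return 'ok';
    } catch (PDOException $e) {
        return 'sql error';
    }
}

// Hardened pattern: the statement text is fixed and the value is bound as data.
// Returns the value read back from the row to show what was actually stored.
function update_contact_bound(PDO $db, int $id, string $contact): string
{
    $stmt = $db->prepare('UPDATE users SET contact = :contact WHERE id = :id');
    $stmt->execute([':contact' => $contact, ':id' => $id]);

    $read = $db->prepare('SELECT contact FROM users WHERE id = :id');
    $read->execute([':id' => $id]);
    return (string) $read->fetchColumn();
}

// Constructed inputs: a plain value, then the same value with one and two
// trailing single quotes, matching the checks described in the advisory.
foreach (["0912345678", "0912345678'", "0912345678''"] as $input) {
    printf(
        "input=%-14s concat=%-10s bound stored=%s\n",
        $input,
        update_contact_concat($db, 1, $input),
        update_contact_bound($db, 1, $input)
    );
}
```

With concatenation the outcome depends on how many quotes the value contains, which is the signal the reproduction steps rely on; with binding every input is stored unchanged as a string. Validating the contact format on the server before the update is a useful second layer, but the binding is what removes the injection.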