Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
CVE/CVE-2023-24728/CVE-2023-24728.txt
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
88 lines (87 sloc)
3.29 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| > [Suggested description] | |
| > Simple Customer Relationship Management System v1.0 as discovered to | |
| > contain a SQL injection vulnerability via the contact parameter in the | |
| > user profile update function. | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Additional Information] | |
| > Steps-To-Reproduce: | |
| > | |
| > 1. Now login user with the valid user credential. | |
| > URL: http://localhost/php-scrm/login.php | |
| > 2. Now Navigate to the "Request a Quote" page By following the URL: http://localhost/php-scrm/get-quote.php | |
| > 3. Now fill out the required form filed then intercept the request in the burp suite. | |
| > 4. Now send the burp suite intercepted request into the burp repeater and insert a single quote after the contact value to break the query and send the request. | |
| > Payload: contact' | |
| > 6. In the response you will see No data will show. | |
| > 7. Now insert the single quote again to merge the query and send the request. | |
| > Payload: contact'' | |
| > 8. Now right-click and click on copy to file option on intercepted request and create a file request.txt | |
| > 9. Now fetch current databases by sqlmap. | |
| > Command: sqlmap -r requests.txt -p contact --current-db --batch | |
| > 10. Now dump all data by sqlmap. | |
| > Command: sqlmap -r requests.txt -p contact --dump --batch | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Vulnerability Type] | |
| > SQL Injection | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Vendor of Product] | |
| > https://www.sourcecodester.com | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Affected Product Code Base] | |
| > Simple Customer Relationship Management (CRM) System - v 1.0 | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Affected Component] | |
| > http://localhost/php-scrm/get-quote.php | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Attack Type] | |
| > Remote | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Impact Code execution] | |
| > true | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Impact Escalation of Privileges] | |
| > true | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Impact Information Disclosure] | |
| > true | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Attack Vectors] | |
| > SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. an attacker can go around authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. They can also use SQL Injection to add, modify, and delete records in the database. | |
| > | |
| > SQL injection attacks can be used to perform a variety of malicious actions, including: | |
| > 1. Extracting sensitive data from the database, such as passwords, financial information, or personal information. | |
| > 2. Modifying or deleting data from the database, potentially causing incorrect results or system failures. | |
| > 3. Executing arbitrary commands on the database server, such as shutting down the server or creating new user accounts. | |
| > 4. Gaining unauthorized access to the underlying operating system and taking complete control of the server. | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Reference] | |
| > https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html | |
| > https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-scrm.zip | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Discoverer] | |
| > Rahul Patwari | |
| Use CVE-2023-24728. |