Petrol pump management software free download - web_crud.php SQL injection #3

Open
1097hzy opened this issue Apr 15, 2024 · 0 comments


1097hzy commented Apr 15, 2024

NAME OF AFFECTED PRODUCT(S)

  • Petrol pump management software free download

Vendor Homepage

AFFECTED AND/OR FIXED VERSION(S)

Submitter

  • xuanluansec

Vulnerable File

  • web_crud.php

VERSION(S)

  • V1.0

Software Link

PROBLEM TYPE

Vulnerability Type

  • SQL injection

Root Cause

  • User input is retrieved from the POST element by the PHP method on line 225 of the \admin\app\web_crud.php file. The value of this element is then passed into the code without proper sanitisation or validation, and is ultimately used in a database query in the PHP method on line 225 of the \admin\app\web_crud.php file. This vulnerability may allow attackers to gain database privileges, giving them access to a large amount of data in the database. If the other party's database has DBA privileges, server host privileges may also be obtained.
  • (attachment 1, not captured in this page)

Impact

  • Attackers can exploit this vulnerability to gain database privileges, which can expose a large amount of data in the database. If the other party's database has DBA privileges, server host privileges may also be obtained.

DESCRIPTION

  • xuanluansec has discovered a serious issue in "php task management system free download" that can allow attackers to obtain large amounts of database content through SQL injection attacks.

Vulnerability details and POC

Payload

  • update3=yes&encryption=1&host=1&port=1&username=1&password=2&email=1&id=1' AND (SELECT * FROM(SELECT COUNT(*),CONCAT(0x01,(SELECT MID((IFNULL(CAST(schema_name AS NCHAR),0x20)),1,54) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 6,1),0x00,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)--
  • (attachment 2, not captured in this page)
  • (attachment 3, not captured in this page)
  • Running this payload reveals the name of the database. This indicates that the SQL injection has been executed successfully by the database, allowing it to be queried. Apart from error-based injection, there are also time-based blind, boolean-based blind, and stacked-query injection vulnerabilities.
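The following PHP is an added illustration for readers of this report, not code from web_crud.php (the report quotes none of the project's source). It contrasts the pattern the report describes, a POST value concatenated straight into a query, with a hardened handler that validates the `id` type and binds every value through a PDO prepared statement. The table name `settings`, its columns, the function names, and the SQLite demo data are all assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added illustrative example; not taken from the affected project.
// Table and column names ("settings", "id", "email") are assumed.

/** VULNERABLE shape, shown for contrast only: user input becomes part of the SQL text. */
function updateRecordVulnerable(PDO $db, array $post): int
{
    $id    = $post['id'] ?? '';
    $email = $post['email'] ?? '';
    // A single quote inside $id terminates the literal, so whatever follows is parsed as SQL.
    $sql = "UPDATE settings SET email = '$email' WHERE id = '$id'";
    return (int) $db->exec($sql);
}

/** HARDENED: validate types first, then bind values so the database never parses them as SQL. */
function updateRecordSafe(PDO $db, array $post): int
{
    // "id" is an integer key: anything that is not a plain positive integer is rejected outright.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        // Logged, not echoed: a non-integer id on an integer field is a clear detection signal,
        // and the client receives no database error text.
        error_log('web_crud: rejected non-integer id ' . json_encode($post['id'] ?? null));
        return 0;
    }
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        error_log('web_crud: rejected malformed email');
        return 0;
    }

    $stmt = $db->prepare('UPDATE settings SET email = :email WHERE id = :id');
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

/** Connection with exceptions enabled so failed queries surface in logs instead of being ignored. */
function connect(string $dsn): PDO
{
    // For a MySQL DSN, also set PDO::ATTR_EMULATE_PREPARES => false to get server-side prepares.
    return new PDO($dsn, null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

// Stand-alone demo against an in-memory SQLite database with constructed data.
if (PHP_SAPI === 'cli') {
    $db = connect('sqlite::memory:');
    $db->exec('CREATE TABLE settings (id INTEGER PRIMARY KEY, email TEXT)');
    $db->exec("INSERT INTO settings (id, email) VALUES (1, 'old@example.com')");

    // Constructed input modelled on the report's POST body: "id" carries a stray quote.
    $tainted = ['id' => "1'", 'email' => 'new@example.com'];
    echo 'safe handler, tainted id: ', updateRecordSafe($db, $tainted), " row(s) updated\n";

    try {
        updateRecordVulnerable($db, $tainted);
    } catch (PDOException $e) {
        // The quote reached the SQL parser: that parse error is exactly what a prepared
        // statement prevents, because bound values are never part of the statement text.
        echo "vulnerable handler, tainted id: query failed to parse\n";
    }

    $clean = ['id' => '1', 'email' => 'new@example.com'];
    echo 'safe handler, clean id: ', updateRecordSafe($db, $clean), " row(s) updated\n";
}
```

Run with `php example.php`; the safe handler reports 0 rows for the quoted id and 1 row for the clean one, while the vulnerable handler throws on the quoted id. The validation step matters as much as the binding: rejecting non-integer ids before any query runs both closes the injection path and produces a log line that is easy to alert on.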