Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtNu11secur1ty1337DAY-ID-38740
HistoryMay 29, 2023 - 12:00 a.m.

Simple Customer Relationship Management CRM 2023 1.0 SQL Injection Vulnerability

2023-05-2900:00:00
nu11secur1ty
0day.today
130
JSON
## Title: SCRMS-2023-05-27-1.0-Multiple-SQLi
## Author: nu11secur1ty
## Vendor: https://github.com/oretnom23
## Software: https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The `email` parameter appears to be vulnerable to SQL injection
attacks. The test payloads 45141002' or 6429=6429-- and 37491017' or
5206=5213-- were each submitted in the email parameter. These two
requests resulted in different responses, indicating that the input is
being incorporated into a SQL query in an unsafe way. The attacker can
easily steal all users and their passwords for access to the system.
Even if they are strongly encrypted this will get some time, but this
is not a problem for an attacker to decrypt if, if they are not enough
strongly encrypted.

STATUS: HIGH Vulnerability

[+]Payload:
```mysql
---
Parameter: email (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: email=-1544' OR 2326=2326-- eglC&password=c5K!k0k!T7&login=
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/SCRMS-2023-05-27-1.0)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/05/scrms-2023-05-27-10-multiple-sqli.html)

## Time spend:
01:00:00
JSON