CVE-2023-27742 PoC — IDURAR ERP/CRM SQL Injection Vulnerability

Source
Associated Vulnerability
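Title: IDURAR ERP/CRM SQL Injection Vulnerability (CVE-2023-27742)
Description: IDURAR ERP/CRM is an open-source content management system by the individual developer Salah Eddine Lalami. IDURAR ERP/CRM v1 contains a security vulnerability, which stems from a SQL injection vulnerability found via the component /api/login.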
Description
IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.
Readme
# CVE-2023-27742
IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.

# Description
> IDURAR ERP/CRM v1 was discovered to contain a SQL injection
> vulnerability via the component /api/login.
>
> ------------------------------------------
>
# Vulnerability Type
> SQL Injection
>
> ------------------------------------------
>
# Vendor of Product
> IDURAR ERP/CRM v1
>
> ------------------------------------------
>
# Affected Product Code Base
> https://github.com/idurar/erp-crm - version 1
>
> ------------------------------------------
>
# Attack Type
> Remote
>
> ------------------------------------------
>
# Impact Escalation of Privileges
> true
>
> ------------------------------------------
>
# Attack Vectors
> Use the expression {"$ne":null} in the email keypair in the /api/login request
>
> ------------------------------------------
# Discoverer 
> Soummya Mukhopadhyay @G37SYS73M
File Snapshot

[4.0K] /data/pocs/8865e998be72f9e88dda9689fe2a36142bdc9816
├── [ 827] POC.md
└── [ 949] README.md

0 directories, 2 files
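The attack vector in the README above places an object containing `$ne`, which is a MongoDB query operator, where the login handler expects an email string. The following is an added example, not code from the IDURAR project or the PoC repository: it models only the email lookup, with a tiny in-memory matcher standing in for the database, and shows the weak pattern beside a hardened one. All function names and the sample user are assumptions made for illustration.

```javascript
// Constructed sample data. The field name "email" follows the README's
// description of /api/login; every other name here is hypothetical.
const users = [{ email: "admin@example.test", passwordHash: "constructed" }];

// Minimal stand-in for a MongoDB-style filter: plain equality plus $ne only.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      if ("$ne" in cond) return doc[field] !== cond.$ne;
      return false; // other operators are not modelled in this sketch
    }
    return doc[field] === cond;
  });
}

function findOne(filter) {
  return users.find((u) => matches(u, filter)) || null;
}

// Weak pattern: the parsed JSON value goes straight into the query filter,
// so an object value is interpreted as a query operator, not as data.
function lookupUnsafe(body) {
  return findOne({ email: body.email });
}

// Hardened pattern: accept only a primitive, bounded string before querying.
// Objects, arrays, numbers and missing values are rejected with a 400.
function lookupSafe(body) {
  const email = body && body.email;
  if (typeof email !== "string" || email.length === 0 || email.length > 254) {
    return { status: 400, error: "email must be a non-empty string" };
  }
  return { status: 200, user: findOne({ email }) };
}

// The request body from the README's attack vector, as the server parses it.
const operatorBody = JSON.parse('{"email":{"$ne":null},"password":"x"}');
console.log("unsafe lookup matched:", lookupUnsafe(operatorBody) !== null);
console.log("safe lookup status:", lookupSafe(operatorBody).status);
```

The same type check belongs on every field that reaches a query filter, and rejected requests of this shape are worth logging as a detection signal.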