CVE-2024-34222 PoC — Human Resource Management System 安全漏洞

Source

https://github.com/dovankha/CVE-2024-34222

Associated Vulnerability

Title:Human Resource Management System 安全漏洞 (CVE-2024-34222)
Description:Human Resource Management System是maverickosama个人开发者的一个人力资源管理系统。 Sourcecodester Human Resource Management System 1.0版本存在安全漏洞，该漏洞源于容易受到SQL注入攻击。

Description

CVE-2024-34222 | SQL injection

Readme

# Human Resource Management System 1.0
#### Submitter: Kha Do

## Vulnerability
SQL injection

## Description
SQL injection vulnerability in /hrm/country.php in SourceCodester Human Resource Management System 1.0 allow attackers to execute arbitrary SQL commands via the **searccountry** parameters.

## Affected component
Path URL: /hrm/country.php

Parameter: **&searccountry**=[inject here]

## Impact
This vulnerability allow attackers allow attackers to execute arbitrary SQL commands via the **searccountry** parameters

## POC
When searching country with the incorrect condition `' and '1'='2'#`, no results are returned: 
![incorrect](https://github.com/dovankha/CVE-2024-34222/assets/63991630/34444a26-a42f-4cb4-928d-32ec39c3c35f)

And, when searching country with the incorrect condition `' and '1'='1'#`, all results are returned: 
![correct](https://github.com/dovankha/CVE-2024-34222/assets/63991630/6c3a0476-5346-443a-b361-c910f9fa0cac)

File Snapshot


 [4.0K]  /data/pocs/96cd95321a648c12ab18e0a9f2d80c74901a38f0
└── [ 952]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!