Attacker Value

Very High

Online-Catering-Reservation-DT Food Catering (by: oretnom23 ) v1.0 SQL injection - login

Attacker Value

Very High

(1 user assessed)

Exploitability

Very High

(1 user assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

Online-Catering-Reservation-DT Food Catering (by: oretnom23 ) v1.0 SQL injection - login

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Credential Access

Techniques

Validation

Credentials from Password Stores: Credentials from Web Browsers

Validated

Modify Authentication Process

Validated

Execution

Techniques

Validation

Command and Scripting Interpreter: Python

Validated

Exploitation for Client Execution

Validated

Description

The Online-Catering-Reservation-DT Food-Catering(by: oretnom23)v1.0 is vulnerable
in the application /catering/classes/Login.php which is redirected from /catering/dist/js/script.js app.
The SQL injection can be deployed by using the username vulnerable parameter on /catering/admin/login.php.
The parameter is not protected correctly, and there is no security escaping correctly to the MySQL query on /catering/classes/Login.php
when the user is sending fake information or malicious query payload to the database.

Add Assessment

nu11secur1ty (195)

August 24, 2021 10:27am UTC (2 years ago)•

Ratings

Attacker Value

Very High

Exploitability

Very High

Easy to weaponize Gives privileged access Vulnerable in default configuration Authenticated Vulnerable in uncommon configuration

Technical Analysis

Description:

The Online-Catering-Reservation-DT Food-Catering(by: oretnom23)v1.0 is vulnerable
in the application /catering/classes/Login.php which is called from /catering/dist/js/script.js app.
The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.
When the user is sending a request to the MySQL server he can bypass the login credentials and take control of the administer account.

https://www.nu11secur1ty.com/2021/08/online-catering-reservation-dt-sql.html

https://github.com/nu11secur1ty/CVE-mitre/tree/main/Online-Catering-Reservation-DT-Food-Catering

and on the owner of the exploit, on the home page:
https://www.nu11secur1ty.com/2021/08/online-catering-reservation-dt-sql.html

Simple proof and simple fix but not strong! =)

https://streamable.com/7qfnkl

BR

References

Exploit

The following exploit POCs have not been verified by Rapid7 researchers, but are sourced from: nomi-sec/PoC-in-GitHub.
Additional sources will be added here as they become relevant.
Notes: We will only add the top 3 POCs for a given CVE. POCs added here must have at least 2 GitHub stars.

The Online-Catering-Reservation-DT Food-Catering(by: oretnom23)v1.0 is vulnerable in the application /catering/classes/Login.php which is redirected from /catering/dist/js/script.js app. The SQL injection can be deployed by using the username vulnerable parameter on /catering/admin/login.php. The parameter is not protected correctly, and there is no security escaping correctly to the MySQL query on /catering/classes/Login.php when the user is sending fake information or malicious query payload to the database. (https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38758)

Rapid7

Very High