Exploits / Vulnerability Discovered : 2023-04-07 |
Type : webapps |
Platform : php
This exploit / vulnerability Churchcrm 4.5.1 authenticated sql injection is for educational purposes only and if it is used you will do on your own risk!
"""
The endpoint /EventAttendance.php is vulnerable to Authenticated SQL Injection (Union-based and Blind-based) via the Event GET parameter.
This endpoint can be triggered through the following menu: Events - Event Attendance Reports - Church Service/Sunday School.
The Event Parameter is taken directly from the query string and passed into the SQL query without any sanitization or input escaping.
This allows the attacker to inject malicious Event payloads to execute the malicious SQL query.
This script is created as Proof of Concept to retrieve the username and password hash from user_usr table.
"""