Skip to content

Instantly share code, notes, and snippets.

@senzee1984

senzee1984/CVE-2022-36636.md

Last active September 2, 2022 19:59
Show Gist options
  • Save senzee1984/80b30d65968fc3a72c58072e3053acf0 to your computer and use it in GitHub Desktop.
Save senzee1984/80b30d65968fc3a72c58072e3053acf0 to your computer and use it in GitHub Desktop.
Download ZIP
Public Reference for CVE-2022-36636
Raw
CVE-2022-36636.md

Product: Garage Management System

Vendor: https://www.sourcecodester.com/users/mayurik

Affected Version(s): 1.0

CVE ID: CVE-2022-36636

Description: Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php

Vulnerability Type: SQL injection

Root Cause: Parameter "id" in /print.php does not have user input sanitization.

Impact: An attacker is able to extract sensitive data from the database.

PoC: 1: Access http://hostname/garage/print.php?id=1, then use burpsuite to intercept the request and save it as a txt file. 2: Use sqlmap to dump the databse automatically.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment