CVE-2022-46443
Published 2022-12-14
CVE-2022-46443: mesinkasir Bangresto 1.0 is vulnerable to SQL Injection via the itemqty%5B%5D parameter.
Priority: P2 · 70 · high · CVSS 3.1 base score 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT · EPSS 37.73% (98.4th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bangresto_project | bangresto | — | — |
Detection & IOCs (extracted from sources)
command: `itemID[]=1&itemqty[]=2 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x716a7a6b71,md5({{num}}),0x7178717a71,0x78))s), 8446744073709551610, 8446744073709551610)))&sentorder=Sent to kitchen`
bytes: `0x716a7a6b71 ... 0x7178717a71 ... 0x78`
- SQL injection is delivered via the `itemqty[]` (URL-encoded: `itemqty%5B%5D`) POST parameter in a request to `/bangresto-main/staff/insertorder.php`. Monitor POST bodies to this endpoint for SQL keywords such as SELECT, IF, CONCAT, or integer-overflow values.
- The exploit uses a two-step flow: first a POST to `/bangresto-main/staff/process.php` with credentials, then a POST carrying the SQLi payload to `/bangresto-main/staff/insertorder.php`. Correlate both requests from the same source IP.
- The SQLi payload uses the MySQL integer-overflow technique with the magic value 8446744073709551610 and CONCAT with hex-encoded canary strings (0x716a7a6b71, 0x7178717a71). Detect these literals in POST body traffic.
- The Content-Type of the injection request is `application/x-www-form-urlencoded` (without charset). The `sentorder` field value is `Sent to kitchen`, which can serve as an additional filter alongside SQLi indicators.
- The exploit requires prior authentication (a valid `username` and `password`) before the SQLi payload can be submitted. The vulnerability is post-auth (CVSS PR:L), so detection should account for authenticated sessions.
- The Nuclei template targets a fixed install path `/bangresto-main/`. Deployments at non-default paths will not match path-based detection rules without adjustment.
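As an added example (not from this page, the Nuclei project or the Bangresto author), the detection notes above turned into a small Python checker run over constructed request records; the record shape (method, path, content_type, body, src_ip), the `base_path` parameter for non-default installs and the sample traffic are assumptions.

```python
import re
from urllib.parse import unquote_plus

ORDER_PATH = "/staff/insertorder.php"   # appended to the install path; indicators per the notes above
LOGIN_PATH = "/staff/process.php"       # the prior authentication step
CT = "application/x-www-form-urlencoded"
OVERFLOW_MAGIC = "8446744073709551610"
HEX_CANARIES = ("0x716a7a6b71", "0x7178717a71")
SQL_KEYWORDS = re.compile(r"\b(SELECT|IF|CONCAT|UNION|SLEEP)\b", re.I)

def score_request(req, base_path="/bangresto-main"):
    """Indicators matched by one request record (dict with method, path, content_type,
    body, src_ip; the record shape and the base_path parameter are assumptions)."""
    if req["method"] != "POST" or req["path"] != base_path + ORDER_PATH:
        return []
    body = unquote_plus(req["body"])    # itemqty%5B%5D -> itemqty[], '+' -> space
    if "itemqty[]=" not in body:
        return []
    checks = {
        "non-numeric itemqty[]": any(not v.isdigit() for v in re.findall(r"itemqty\[\]=([^&]*)", body)),
        "sql keyword in body": bool(SQL_KEYWORDS.search(body)),
        "bigint overflow literal": OVERFLOW_MAGIC in body,
        "hex canary": any(c in body for c in HEX_CANARIES),
    }
    hits = [name for name, found in checks.items() if found]
    # Content-Type and sentorder only sharpen an alert that other indicators already raised.
    if hits and req.get("content_type") == CT and "sentorder=Sent to kitchen" in body:
        hits.append("template content-type/sentorder")
    return hits

def correlate(requests, base_path="/bangresto-main"):
    """Alert on suspicious order POSTs, noting whether the same source IP already logged in."""
    logged_in, alerts = set(), []
    for req in requests:
        if req["method"] == "POST" and req["path"] == base_path + LOGIN_PATH:
            logged_in.add(req["src_ip"])
            continue
        hits = score_request(req, base_path)
        if hits:
            alerts.append({"src_ip": req["src_ip"], "indicators": hits, "post_auth": req["src_ip"] in logged_in})
    return alerts

def post(path, body, src_ip="10.0.0.5"):   # builds one constructed request record
    return {"method": "POST", "path": path, "content_type": CT, "body": body, "src_ip": src_ip}

SAMPLE = [  # constructed sample traffic (not real logs): login, a benign order, then the page's payload
    post("/bangresto-main/staff/process.php", "username=staff&password=secret"),
    post("/bangresto-main/staff/insertorder.php", "itemID%5B%5D=1&itemqty%5B%5D=2&sentorder=Sent+to+kitchen"),
    post("/bangresto-main/staff/insertorder.php",
         "itemID%5B%5D=1&itemqty%5B%5D=2+AND+(SELECT+2*(IF((SELECT+*+FROM+(SELECT+CONCAT("
         "0x716a7a6b71,md5(1),0x7178717a71,0x78))s),+8446744073709551610,+8446744073709551610)))&sentorder=Sent+to+kitchen"),
]
```

Running `correlate(SAMPLE)` yields one alert for the third record with `post_auth` set, while the benign order produces no indicators.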
No detection rules found.
Nuclei: Bangresto - SQL Injection (CVSS 8.8)
CVE-2022-46443 [HIGH] Bangresto - SQL Injection
Bangresto 1.0 is vulnerable to SQL Injection via the itemqty%5B%5D parameter.
Template:

```yaml
id: CVE-2022-46443

info:
  name: Bangresto - SQL Injection
  author: Harsh
  severity: high
  description: |
    Bangresto 1.0 is vulnerable to SQL Injection via the itemqty%5B%5D parameter.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire application and underlying database.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://yuyudhn.github.io/CVE-2022-46443/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-46443
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id:
```
No writeups or analysis indexed.
Published: 2022-12-14