| عنوان | code-projects Inventory Management 1.0 SQL Injection |
|---|
| الوصف | Vulnerability Description:
An Authenticated SQL Injection vulnerability was discovered in the Inventory Management Web Application, specifically in the editProduct.php page. The vulnerability occurs due to improper handling of user-controlled input in the id parameter passed through the URL (GET method).
This vulnerability allows authenticated attackers to inject arbitrary SQL queries through the id parameter. The attacker can manipulate the URL, crafting an injection to trigger a time-based SQL injection (using sleep function) and potentially extract sensitive information from the database.
Vulnerable Code Section:
if(isset($_GET['id'])){
$id= $_GET['id'];
$sql= "SELECT * from products WHERE id='$id' limit 1";
$res= mysqli_fetch_assoc($conn->query($sql));
}
Proof of Concept (PoC):
Location: http://localhost/Inventory-Management/model/editProduct.php?id=12%27XOR(if(now()=sysdate(),sleep(5),0))XOR%27Z
Payload: 12' XOR(if(now()=sysdate(),sleep(5),0)) XOR 'Z
Exploit: An attacker can trigger the SQL injection by injecting the payload into the id parameter, which results in a delay in the response if the payload is successful. This confirms that the server is vulnerable to time-based SQL injection.
Check out full advisory please. |
|---|
| المصدر | ⚠️ https://github.com/sh3rl0ckpggp/0day/blob/main/inventory-management_authenticated_sqli.md |
|---|
| المستخدم | sh3rl0ckpgp (UID 77534) |
|---|
| ارسال | 13/11/2024 11:38 AM (2 سنوات منذ) |
|---|
| الاعتدال | 15/11/2024 09:47 AM (2 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 284686 [code-projects Inventory Management حتى 1.0 /model/editProduct.php معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|