| Title | PHPGurukul Nipah Virus Testing Management System 1.0 SQL Injection |
|---|---|
| Description | A vulnerability classified as critical has been found in PHPGurukul's Nipah virus (NiV) – Testing Management System Using PHP and MySQL 1.0. The "add-phlebotomist.php" endpoint is affected by SQL injection: the value of the "empid" parameter is used in a database query without parameterisation, so manipulating it changes the query. A remote attacker who can reach this endpoint (the reproduction below uses a logged-in session) can inject SQL into the application's query, which can lead to unauthorised database access, data theft, data manipulation and further attacks. |

Steps to Reproduce:

# Exploit Title: SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) – Testing Management System
# Date: 28-11-2023
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/nipah-virus-niv-testing-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE :

To reproduce the attack:

1. Log in to the NiV application and open the http://localhost/nipah-tms/add-phlebotomist.php endpoint.
2. The page presents a form for adding a phlebotomist. Fill every field with arbitrary values, submit the form, and intercept the request in a proxy.
3. Save the raw request to a file on your system; here it is saved as "request3.txt".
4. Run sqlmap against the saved request (`sqlmap -r request3.txt`) to test whether any of the three parameters contained in "request3.txt" is injectable.
5. sqlmap reports the "empid" parameter as injectable and, with `--dbs`, enumerates every database the application's MySQL account can see.
6. The issue is critical because it can lead to unauthorised access to the database, data theft, data manipulation and other malicious activity.

Remediation:

1. Use prepared statements with parameterised queries. In PHP, both PDO (PHP Data Objects) and MySQLi (MySQL Improved) support them; never build the statement text by concatenating request parameters.
2. Use stored procedures where appropriate. They help only when the procedure itself does not assemble dynamic SQL from its arguments, and the application must still call them with bound parameters rather than concatenated values.
3. Ensure that the MySQL account used by the application has the minimum necessary privileges. Avoid global or unnecessary grants; with a least-privilege account, an injection cannot reach other databases on the server (the database enumeration in step 5 depends on over-privileged access).
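The following is an added example for remediation point 1; it is not code from the PHPGurukul project, whose actual add-phlebotomist.php source is not reproduced on this page. It contrasts the string-concatenation pattern that makes a parameter such as "empid" injectable with the same insert written as a MySQLi prepared statement and as a PDO prepared statement. The table name, column names and form field names other than "empid" are assumptions chosen for illustration.

```php
<?php
// Added example, not the project's code. Table/column names (tblphlebotomist,
// EmpID, FullName, MobileNumber, Email) and form fields other than "empid"
// are assumed for illustration.

// --- Vulnerable pattern (do NOT use): request values concatenated into SQL ---
// A value such as   x' OR '1'='1   or a sqlmap payload submitted as empid
// becomes part of the statement text and changes what the query does.
function addPhlebotomistVulnerable(mysqli $db, array $post): bool
{
    $empid = $post['empid'];
    $name  = $post['fullname'];
    $sql = "INSERT INTO tblphlebotomist (EmpID, FullName) VALUES ('$empid', '$name')";
    return (bool) $db->query($sql);
}

// --- Fixed with MySQLi: statement text is fixed at prepare time; bound values
// are sent separately and can never alter the query structure.
function addPhlebotomistMysqli(mysqli $db, array $post): bool
{
    // Optional defence in depth: reject obviously malformed identifiers early.
    // The exact EmpID format is an assumption; adjust to the real data.
    if (!preg_match('/^[A-Za-z0-9-]{1,20}$/', $post['empid'] ?? '')) {
        throw new InvalidArgumentException('invalid empid');
    }

    $stmt = $db->prepare(
        'INSERT INTO tblphlebotomist (EmpID, FullName, MobileNumber, Email)
         VALUES (?, ?, ?, ?)'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }

    $empid  = $post['empid'];
    $name   = $post['fullname'];
    $mobile = $post['mobile'];
    $email  = $post['email'];
    // 'ssss': four string parameters, bound by reference.
    $stmt->bind_param('ssss', $empid, $name, $mobile, $email);

    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// --- Fixed with PDO: same idea, emulated prepares disabled so the MySQL
// server itself receives the parameterised statement.
function addPhlebotomistPdo(PDO $pdo, array $post): bool
{
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $stmt = $pdo->prepare(
        'INSERT INTO tblphlebotomist (EmpID, FullName, MobileNumber, Email)
         VALUES (:empid, :name, :mobile, :email)'
    );
    return $stmt->execute([
        ':empid'  => $post['empid'],
        ':name'   => $post['fullname'],
        ':mobile' => $post['mobile'],
        ':email'  => $post['email'],
    ]);
}

// Example wiring (assumed connection details; a real deployment reads them
// from configuration). With the safe functions, the payload below is stored
// verbatim as an EmpID string instead of being executed as SQL.
$db = new mysqli('localhost', 'niv_app', 'secret', 'nivdb');
$db->set_charset('utf8mb4');
$constructedPost = [
    'empid'    => "x' OR '1'='1",   // constructed sample input for the demo
    'fullname' => 'Test User',
    'mobile'   => '0000000000',
    'email'    => 'test@example.com',
];
try {
    addPhlebotomistMysqli($db, $constructedPost);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;   // the regex check fires first
}
```

The input check in `addPhlebotomistMysqli` is a second layer only; the prepared statement is what removes the injection, and it remains necessary for free-text fields such as the name where no tight format can be enforced. Pair this with remediation point 3 by creating a dedicated account such as `CREATE USER 'niv_app'@'localhost' IDENTIFIED BY '...'; GRANT SELECT, INSERT, UPDATE, DELETE ON nivdb.* TO 'niv_app'@'localhost';` (account and database names are placeholders), so that even an injection that slips through cannot enumerate or read other databases.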
| Source | https://github.com/dhabaleshwar/niv_testing_sqli/blob/main/exploit.md |
|---|---|
| User | dhabaleshwar (UID 58737) |
| Submission | 28/11/2023 08:41 (3 years ago) |
| Moderated | 30/11/2023 10:02 (2 days later) |
| Status | Accepted |
| VulDB Entry | 246423 [PHPGurukul Nipah Virus Testing Management System 1.0 add-phlebotomist.php empid SQL injection] |
| Points | 20 |