Submission #388906: GitHub Insurance Management System 1.0 SQL Injection

Title: GitHub Insurance Management System 1.0 SQL Injection
Description: SQL Injection Vulnerability in Life Insurance Management System

1. Description
A SQL Injection (SQLi) vulnerability has been identified in the Life Insurance Management System at the clientStatus.php endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious input into the client_id parameter, leading to unauthorized access to, and extraction of, data from the application's database.

2. Vulnerable Endpoint
URL: http://localhost/life-insurance-management-system/lims/clientStatus.php?client_id=
Vulnerable Parameter: client_id

3. Impact
Confidentiality: An attacker can exploit this vulnerability to dump sensitive data from the database, including user information, financial records, and other confidential data.
Integrity: By manipulating database queries, an attacker could alter data, compromising the integrity of the stored information.
Availability: The attacker could potentially delete data or cause a denial of service (DoS) by triggering long-running queries or altering database structures.
Authentication Bypass: If exploited correctly, this vulnerability could allow attackers to bypass authentication mechanisms, gaining unauthorized access to restricted areas of the application.

Exploitation Details
Tool Used: sqlmap
Command Executed: sqlmap -u http://localhost/life-insurance-management-system/lims/clientStatus.php?client_id=1* --dump-all
Result: Successful extraction of all data from the database, including sensitive information such as user credentials, personal data, and other critical records.

Impact
Confidentiality: Full disclosure of all data within the application's database, including potentially sensitive information such as user details, financial records, and system configurations.
Integrity: Potential manipulation or alteration of data within the database, leading to compromised data integrity.
Availability: The ability to execute arbitrary SQL commands could lead to the deletion of data or disruption of the database, impacting the application's availability.
Authentication Bypass: This vulnerability could be used to bypass authentication mechanisms, giving unauthorized users access to restricted areas of the application.

Proof of Concept
Attack Execution: The attacker used sqlmap, an automated SQL injection tool, to exploit the vulnerability without manually crafting SQL payloads. The command used identified and exploited the SQLi, leading to a complete dump of the database.
Extracted Data: The full database, including all tables and records, was extracted. Sensitive data such as usernames, passwords (potentially in plaintext or weakly hashed), and personal information were disclosed.

Recommendations
To mitigate this SQL Injection vulnerability, the following measures are strongly recommended:
Parameterized Queries: Implement parameterized queries or prepared statements to prevent SQL injection by treating user input as data rather than executable code.
Input Validation: Enforce strict input validation and sanitization so that only expected, well-formed input is processed by the application.
Least Privilege Principle: Ensure that the database user account used by the application has only the minimum privileges necessary, reducing the potential impact of an SQLi attack.
Error Handling: Implement proper error handling to avoid revealing database or system information that could be exploited by attackers.
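The four recommendations above, applied to a handler for clientStatus.php?client_id=, as an added example (not the project's own code): the table name `clients`, its `client_id` and `status` columns, the DSN, and the read-only account `lims_ro` are assumptions.

```php
<?php
// Added example, not code from the Insurance Management System project.
// Assumed schema: table `clients` with integer primary key `client_id`
// and a `status` column; DSN and credentials are placeholders.
declare(strict_types=1);

// Input validation: client_id must be a positive integer, nothing else.
$clientId = filter_input(INPUT_GET, 'client_id', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);
if ($clientId === false || $clientId === null) {
    http_response_code(400);
    exit('Invalid client_id');
}

try {
    // Least privilege: `lims_ro` is assumed to hold only SELECT on the
    // tables this page needs (granted separately on the database server).
    $pdo = new PDO(
        'mysql:host=localhost;dbname=lims;charset=utf8mb4',
        'lims_ro',
        'PLACEHOLDER_PASSWORD',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares
        ]
    );

    // Parameterized query: the value is bound as data and never spliced
    // into the SQL text, so input containing SQL syntax cannot change
    // the statement the server executes.
    $stmt = $pdo->prepare(
        'SELECT client_id, status FROM clients WHERE client_id = :client_id'
    );
    $stmt->bindValue(':client_id', $clientId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        http_response_code(404);
        exit('Client not found');
    }
    header('Content-Type: application/json');
    echo json_encode($row);
} catch (PDOException $e) {
    // Error handling: keep driver details in the server log only and
    // return a generic message to the client.
    error_log('clientStatus.php DB error: ' . $e->getMessage());
    http_response_code(500);
    exit('Internal error');
}
```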
Source: http://localhost/life-insurance-management-system/lims/clientStatus.php?client_id=
User: fahadletsleep (UID 73320)
Submitted: 10/08/2024 13:49 (2 years ago)
Moderated: 18/08/2024 10:24 (8 days later)
Status: Duplicate
VulDB Entry: 199683 [Insurance Management System 1.0 clientStatus.php client_id SQL injection]
Points: 0
