| Title | PHPGurukul Nipah Virus Testing Management System 1.0 SQL Injection |
|---|
| Description | Hello there,
My name is Dhabaleshwar Das, a cyber security researcher. I recently found an Unauthenticated SQL Injection vulnerability in Nipah virus (NiV) – Testing Management System. Here is the PoC below:
Bug Description:
A vulnerability has been found in Nipah virus (NiV) – Testing Management System 1.0 and classified as critical. Phpgurukul's Nipah virus (NiV) – Testing Management System Using PHP and MySQL 1.0 has an Unauthenticated SQL injection vulnerability in "password-recovery.php" endpoint. The manipulation of the parameter "username" leads to SQL injection. Remote attackers can leverage this vulnerability to manipulate a web application's SQL query by injecting malicious SQL code. This can lead to unauthorized access to databases, data theft, data manipulation, and other malicious activities.
Steps to Reproduce:
# Exploit Title: SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) – Testing Management System
# Date: 03-12-2023
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/nipah-virus-niv-testing-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE :
To reproduce the attack:
1- As this is an Unauthenticated SQL injection vulnerability, directly head to http://localhost/nipah-tms/password-recovery.php endpoint.
2- Here you would be asked to fill out all the details. We give some random value in those parameters and intercept the request.
3- Copy and Save this request in your system, here I saved it in a file "request3.txt".
4- Next we use sqlmap and try to automate the query to find out if any of the parameters in our "request3" file is vulnerable to SQL injection.
5- We find out that the parameter "username" is vulnerable to SQL injection and we got all the databases.
6- This is a critical vulnerability as it can lead to unauthorized access to databases, data theft, data manipulation, and other malicious activities.
Remediation:
1- Use prepared statements with parameterized queries. In PHP, you can use PDO (PHP Data Objects) or MySQLi (MySQL Improved) to achieve this.
2- Use stored procedures whenever possible. Stored procedures can help prevent SQL injection by encapsulating the SQL code and allowing the database to execute only the stored procedure.
|
|---|
| Source | https://github.com/dhabaleshwar/niv_testing_sqliforgotpassword/blob/main/exploit.md |
|---|
| User | dhabaleshwar (UID 58737) |
|---|
| Submitted | 2023-12-03 18:21 (2 years ago) |
|---|
| Moderation | 2023-12-09 18:08 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 247341 [PHPGurukul Nipah Virus Testing Management System 1.0 password-recovery.php username/contactno SQL injection] |
|---|
| Points | 20 |
|---|
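
The first remediation item in the description (prepared statements with PDO), as an added example that is not part of the original submission or of the PHPGurukul code. The function name `recoverPassword`, the table and column names, and the in-memory SQLite demo database are assumptions, since the page does not show the application's schema or source.

```php
<?php
declare(strict_types=1);

// Added example. Table and column names (tbladmin, UserName, MobileNumber,
// Password) are assumptions; the application's real schema is not on the page.

function recoverPassword(PDO $pdo, string $username, string $contactno, string $newPassword): bool
{
    // Shape checks narrow the input, but the bound parameters below are what
    // keep user-supplied data out of the SQL grammar.
    if ($username === '' || strlen($username) > 64
        || !preg_match('/^[0-9]{7,15}$/', $contactno)) {
        return false;
    }

    // Pattern this replaces (request values concatenated into the statement):
    //   "... WHERE UserName='$username' AND MobileNumber='$contactno'"
    $stmt = $pdo->prepare(
        'UPDATE tbladmin SET Password = :hash
          WHERE UserName = :username AND MobileNumber = :contactno'
    );
    $stmt->execute([
        // Assumes the login code checks passwords with password_verify().
        ':hash'      => password_hash($newPassword, PASSWORD_DEFAULT),
        ':username'  => $username,
        ':contactno' => $contactno,
    ]);

    // Succeed only when exactly one account matched both identifiers.
    return $stmt->rowCount() === 1;
}

// Demo on in-memory SQLite so it runs offline (constructed data). With MySQL,
// also pass PDO::ATTR_EMULATE_PREPARES => false so binding happens server-side.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE tbladmin (UserName TEXT, MobileNumber TEXT, Password TEXT)');
$pdo->exec("INSERT INTO tbladmin VALUES ('admin', '5550100123', 'old')");

// A matching username and contact number.
var_dump(recoverPassword($pdo, 'admin', '5550100123', 'N3w-passphrase!'));
// A username containing a quote is compared as a literal value, not parsed as SQL.
var_dump(recoverPassword($pdo, "admin'", '5550100123', 'N3w-passphrase!'));
```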