| Title | code-projects Inventory Management 1.0 SQL Injection |
|---|---|
| Description | Vulnerability Description:<br>An authenticated SQL injection vulnerability was discovered in the Inventory Management web application, specifically in the editProduct.php page. The vulnerability is caused by improper handling of the user-controlled `id` parameter passed through the URL (GET method).<br>It allows an authenticated attacker to inject arbitrary SQL through the `id` parameter. By manipulating the URL, the attacker can trigger a time-based SQL injection (using the `sleep` function) and potentially extract sensitive information from the database.<br><br>Vulnerable Code Section:<br>`if(isset($_GET['id'])){`<br>`    $id = $_GET['id'];`<br>`    $sql = "SELECT * from products WHERE id='$id' limit 1";`<br>`    $res = mysqli_fetch_assoc($conn->query($sql));`<br>`}`<br><br>Proof of Concept (PoC):<br>Location: `http://localhost/Inventory-Management/model/editProduct.php?id=12%27XOR(if(now()=sysdate(),sleep(5),0))XOR%27Z`<br>Payload: `12' XOR(if(now()=sysdate(),sleep(5),0)) XOR 'Z`<br>Exploit: Injecting the payload into the `id` parameter delays the response when the payload succeeds, which confirms that the server is vulnerable to time-based SQL injection.<br><br>See the full advisory for details. |
| Source | https://github.com/sh3rl0ckpggp/0day/blob/main/inventory-management_authenticated_sqli.md |
| User | sh3rl0ckpgp (UID 77534) |
| Submitted | 2024-11-13 11:38 AM (2 years ago) |
| Moderation | 2024-11-15 09:47 AM (2 days later) |
| Status | Accepted |
| VulDB Entry | 284686 [code-projects Inventory Management up to 1.0 /model/editProduct.php id sql injection] |
| Points | 20 |
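The vulnerable section quoted in the description splices `$_GET['id']` straight into the query text, which is why a quote-breaking payload changes the query. A hardened replacement for that lookup, written here as an added example and not taken from the project or the advisory, validates the parameter as an integer first and then binds it with a mysqli prepared statement. It assumes `$conn` is an open `mysqli` connection, that `products.id` is an integer column (the advisory's query suggests this), and that the mysqlnd driver is available for `get_result()`; the function name `findProductById` is this example's own.

```php
<?php
// Added example (not the project's code): hardened replacement for the
// editProduct.php lookup shown in the advisory. Assumes $conn is an open
// mysqli connection and that products.id is an integer column.

declare(strict_types=1);

function findProductById(mysqli $conn, mixed $rawId): ?array
{
    // Reject anything that is not a positive integer before it reaches SQL.
    // A value such as "12' XOR(...) XOR 'Z" fails this check, so it is never
    // part of a query at all.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Prepared statement: the value is bound as a typed parameter, never
    // concatenated into the query text, so quotes in the input have no effect.
    $stmt = $conn->prepare('SELECT * FROM products WHERE id = ? LIMIT 1');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// Drop-in use at the same place as the original isset($_GET['id']) block.
if (isset($_GET['id'])) {
    $res = findProductById($conn, $_GET['id']);
    if ($res === null) {
        http_response_code(404);
        exit('product not found');
    }
}
```

The integer filter alone would already block the advisory's payload, but the prepared statement is the control that holds even if the column type or validation rule changes later; the two layers are independent, so keep both. On the detection side, the original code path can be recognised in web server logs by `editProduct.php` requests whose `id` value contains a quote followed by SQL keywords such as `XOR`, `if(` or `sleep(`, and by response times for that page that jump by a constant number of seconds.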