Submission #246745: PHPGurukul Nipah Virus Testing Management System 1.0 SQL Injection

Title: PHPGurukul Nipah Virus Testing Management System 1.0 SQL Injection
Description: Hello there, My name is Dhabaleshwar Das, a cyber security researcher. I recently found an Unauthenticated SQL Injection vulnerability in Nipah virus (NiV) – Testing Management System. Here is the PoC below:

Bug Description: A vulnerability has been found in Nipah virus (NiV) – Testing Management System 1.0 and classified as critical. PHPGurukul's Nipah virus (NiV) – Testing Management System Using PHP and MySQL 1.0 has an Unauthenticated SQL injection vulnerability in the "password-recovery.php" endpoint. The manipulation of the parameter "username" leads to SQL injection. Remote attackers can leverage this vulnerability to manipulate a web application's SQL query by injecting malicious SQL code. This can lead to unauthorized access to databases, data theft, data manipulation, and other malicious activities.

Steps to Reproduce:
# Exploit Title: SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) – Testing Management System
# Date: 03-12-2023
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/nipah-virus-niv-testing-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE :

To reproduce the attack:
1- As this is an Unauthenticated SQL injection vulnerability, directly head to the http://localhost/nipah-tms/password-recovery.php endpoint.
2- Here you would be asked to fill out all the details. We give some random value in those parameters and intercept the request.
3- Copy and save this request in your system; here I saved it in a file "request3.txt".
4- Next we use sqlmap and try to automate the query to find out if any of the parameters in our "request3" file is vulnerable to SQL injection.
5- We find out that the parameter "username" is vulnerable to SQL injection and we got all the databases.
6- This is a critical vulnerability as it can lead to unauthorized access to databases, data theft, data manipulation, and other malicious activities.

Remediation:
1- Use prepared statements with parameterized queries. In PHP, you can use PDO (PHP Data Objects) or MySQLi (MySQL Improved) to achieve this.
2- Use stored procedures whenever possible. Stored procedures can help prevent SQL injection by encapsulating the SQL code and allowing the database to execute only the stored procedure.
Source: https://github.com/dhabaleshwar/niv_testing_sqliforgotpassword/blob/main/exploit.md
User: dhabaleshwar (UID 58737)
Submission: 03/12/2023 18:21 (2 years ago)
Moderation: 09/12/2023 18:08 (6 days later)
Status: Accepted
VulDB Entry: 247341 [PHPGurukul Nipah Virus Testing Management System 1.0 password-recovery.php username/contactno SQL Injection]
Points: 20
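The remediation above recommends prepared statements with PDO or MySQLi. As an added example (not the submitter's PoC and not PHPGurukul's actual password-recovery.php code), the following contrasts the string-concatenation pattern that makes a username/contactno lookup injectable with a PDO prepared-statement version; the table and column names (tblusers, UserName, ContactNo) and the DSN are assumptions.

```php
<?php
// Added example (not PHPGurukul's code): a password-recovery lookup keyed on
// username and contact number, first the injectable pattern, then the fix.
// Table and column names (tblusers, UserName, ContactNo) are assumptions.

// Unsafe: request values are concatenated into the SQL string, so whatever is
// sent in the "username" parameter reaches the parser as SQL rather than data.
function findUserUnsafe(mysqli $db, string $username, string $contactno): ?array
{
    $sql = "SELECT ID, UserName FROM tblusers "
         . "WHERE UserName='$username' AND ContactNo='$contactno'";
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Safe: a prepared statement sends the query shape and the values separately;
// the driver never interprets the bound values as SQL, so quoting or escaping
// by hand is no longer part of the contract.
function findUserSafe(PDO $db, string $username, string $contactno): ?array
{
    $stmt = $db->prepare(
        'SELECT ID, UserName FROM tblusers WHERE UserName = :u AND ContactNo = :c'
    );
    $stmt->execute([':u' => $username, ':c' => $contactno]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Connection settings for the safe variant: server-side prepares (no client-side
// emulation) and exceptions on error, so a failed query cannot be silently
// treated as "no such user" by the recovery flow.
function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Typical use in a recovery handler; form values are passed through unchanged
// because binding, not sanitising, is what keeps them out of the SQL grammar.
// $db   = connect('mysql:host=localhost;dbname=nipah;charset=utf8mb4', 'app', 'secret');
// $user = findUserSafe($db, $_POST['username'] ?? '', $_POST['contactno'] ?? '');
```

The same fix applies with MySQLi via prepare()/bind_param(); the property that matters is that user input is bound as a parameter rather than spliced into the query text.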
