| Title | code-projects Inventory Management 1.0 SQL Injection |
|---|
| Description | Vulnerability Description:
An Authenticated SQL Injection vulnerability was discovered in the Inventory Management Web Application, specifically in the editProduct.php page. The vulnerability occurs due to improper handling of user-controlled input in the id parameter passed through the URL (GET method).
This vulnerability allows authenticated attackers to inject arbitrary SQL queries through the id parameter. The attacker can manipulate the URL, crafting an injection to trigger a time-based SQL injection (using sleep function) and potentially extract sensitive information from the database.
Vulnerable Code Section:
if(isset($_GET['id'])){
$id= $_GET['id'];
$sql= "SELECT * from products WHERE id='$id' limit 1";
$res= mysqli_fetch_assoc($conn->query($sql));
}
Proof of Concept (PoC):
Location: http://localhost/Inventory-Management/model/editProduct.php?id=12%27XOR(if(now()=sysdate(),sleep(5),0))XOR%27Z
Payload: 12' XOR(if(now()=sysdate(),sleep(5),0)) XOR 'Z
Exploit: An attacker can trigger the SQL injection by injecting the payload into the id parameter, which results in a delay in the response if the payload is successful. This confirms that the server is vulnerable to time-based SQL injection.
Check out full advisory please. |
|---|
| Source | ⚠️ https://github.com/sh3rl0ckpggp/0day/blob/main/inventory-management_authenticated_sqli.md |
|---|
| User | sh3rl0ckpgp (UID 77534) |
|---|
| Submission | 11/13/2024 11:38 (2 years ago) |
|---|
| Moderation | 11/15/2024 09:47 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 284686 [code-projects Inventory Management up to 1.0 /model/editProduct.php ID sql injection] |
|---|
| Points | 20 |
|---|