Submission #244450: PHPGurukul Nipah Virus Testing Management System 1.0 SQL Injection (info)

Title: PHPGurukul Nipah Virus Testing Management System 1.0 SQL Injection
Description:

A vulnerability has been found in Nipah virus (NiV) – Testing Management System 1.0 and classified as critical. Phpgurukul's Nipah virus (NiV) – Testing Management System Using PHP and MySQL 1.0 has a SQL injection vulnerability in the "add-phlebotomist.php" endpoint. The manipulation of the parameter "empid" leads to SQL injection. Remote attackers can leverage this vulnerability to manipulate a web application's SQL query by injecting malicious SQL code. This can lead to unauthorized access to databases, data theft, data manipulation, and other malicious activities.

Steps to Reproduce:

# Exploit Title: SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) – Testing Management System
# Date: 28-11-2023
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/nipah-virus-niv-testing-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE :

To reproduce the attack:

1- Login to the Niv Application and head to the http://localhost/nipah-tms/add-phlebotomist.php endpoint.
2- Here you would be asked to add a phlebotomist and fill out all the details. We give some random value in those parameters and intercept the request.
3- Copy and save this request in your system; here I saved it in a file "request3.txt".
4- Next we use sqlmap and try to automate the query to find out if any of the three parameters in our "request3.txt" file is vulnerable to SQL injection.
5- We find out that the parameter "empid" is vulnerable to SQL injection and we got all the databases.
6- This is a critical vulnerability as it can lead to unauthorized access to databases, data theft, data manipulation, and other malicious activities.

Remediation:

1- Use prepared statements with parameterized queries. In PHP, you can use PDO (PHP Data Objects) or MySQLi (MySQL Improved) to achieve this.
2- Use stored procedures whenever possible. Stored procedures can help prevent SQL injection by encapsulating the SQL code and allowing the database to execute only the stored procedure.
3- Ensure that your MySQL user accounts have the minimum necessary privileges. Avoid using accounts with global or unnecessary permissions.
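
Remediation steps 1 and 3 applied to an "add phlebotomist" form handler, as an added example that is not PHPGurukul's code and not part of the submission. The table and column names, the form fields other than "empid", the validation patterns and the NIV_DB_* environment variables are hypothetical.

```php
<?php
// Added example. Schema, field names (except empid) and limits are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions

function addPhlebotomist(mysqli $con, array $post): int
{
    $empid  = trim((string)($post['empid'] ?? ''));
    $name   = trim((string)($post['fullname'] ?? ''));      // hypothetical field
    $mobile = trim((string)($post['mobilenumber'] ?? ''));  // hypothetical field

    // Allow-list validation is defence in depth; the bound parameters below
    // are what keep the values out of the SQL grammar.
    if (!preg_match('/\A[A-Za-z0-9-]{1,20}\z/', $empid)) {
        throw new InvalidArgumentException('invalid empid');
    }
    if ($name === '' || strlen($name) > 120) {
        throw new InvalidArgumentException('invalid name');
    }
    if (!preg_match('/\A[0-9]{7,15}\z/', $mobile)) {
        throw new InvalidArgumentException('invalid mobile number');
    }

    // Injectable pattern this replaces: "... VALUES('$empid', ...)" built by
    // string interpolation. Here the statement text is constant.
    $stmt = $con->prepare(
        'INSERT INTO phlebotomist_example (emp_id, full_name, mobile_number)
         VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $empid, $name, $mobile);
    $stmt->execute();
    $id = (int)$con->insert_id;
    $stmt->close();
    return $id;
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Remediation 3: connect as an account granted only what this page needs
    // (for example INSERT and SELECT on the application database), not root.
    $con = new mysqli('localhost', getenv('NIV_DB_USER') ?: null,
                      getenv('NIV_DB_PASS') ?: null, getenv('NIV_DB_NAME') ?: null);
    $con->set_charset('utf8mb4');
    try {
        addPhlebotomist($con, $_POST);
        echo 'Phlebotomist added';
    } catch (InvalidArgumentException $e) {
        http_response_code(400); // reject bad input without echoing SQL errors
        echo 'Invalid input';
    }
}
```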
Source: https://github.com/dhabaleshwar/niv_testing_sqli/blob/main/exploit.md
User: dhabaleshwar (UID 58737)
Submitted: 2023-11-28 08:41 (3 years ago)
Moderated: 2023-11-30 10:02 (2 days later)
Status: Accepted
VulDB entry: 246423 [PHPGurukul Nipah Virus Testing Management System 1.0 add-phlebotomist.php empid SQL injection]
Points: 20
