SQL injection Vulnerability on "reports_id" in rukovoditel 3.2.1 #1
Comments
Repository owner
locked and limited conversation to collaborators
Oct 9, 2022
Repository owner
unlocked this conversation
Oct 9, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version: 3.2.1
Description
The reports_id parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the reports_id parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared.
Proof of Concept
Step 1: Add single quote was submitted in the reports_id parameter, and a database error message was returned.
Step 2: Then add two quotes and submit the request, the error message disappears.
Step 3: Use SQLMap to dump full database.
Impact
SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.
A wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server.
The text was updated successfully, but these errors were encountered: