Art Gallery Management System v1.1 SQL Injection

Exploit Author: Manab Jyoti Dowarah

Vendors: PHPgurukul (https://phpgurukul.com)

Version: v1.1

Tested on: XAMPP Server

Finding Date: 20/12/2023

Description:

The "imageid" parameter of the "Update Artist Image" functionality in Art Gallery Management System (AGMS) v1.1 is vulnerable to SQL injection. An attacker can exploit the SQLi to read sensitive data from the database, modify database data, execute administrative operations on the database, recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.

Detailed steps to reproduce:

  1. I have hosted Art Gallery Management System v1.1 on a local XAMPP server.

  2. After completing the setup, go to the admin login panel and log in with the default credentials.

  3. Go to "Artist" --> "Manage Artist" --> click "Edit" --> click "Edit Image". The "imageid" parameter of the "Update Artist Image" functionality is vulnerable to SQL injection (http://localhost/agmsdb/agms/admin/changepropic.php?imageid=1).

  4. Use SQLmap to dump the databases:

Impact:

An attacker can use this vulnerability to execute SQL queries that fetch data from the database; from there it is possible to dump the whole database.
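From the defender's side, the probing described in step 4 is easy to recognise in web-server logs because "imageid" is only ever a numeric primary key. The following is an added example, not part of the original advisory: a PHP check that scans Apache/Nginx combined-format access-log lines for requests to the affected endpoint whose imageid value is not a plain integer. The log lines are constructed samples, and the endpoint path is the one from step 3.

```php
<?php
// Added example (not code from the advisory or the PHPgurukul project).
// Flags requests to the affected endpoint whose "imageid" is not a plain integer.
declare(strict_types=1);

// Path from the reproduction steps above.
const VULN_PATH = '/agmsdb/agms/admin/changepropic.php';

/**
 * Return every log line whose request targets VULN_PATH with an imageid
 * that is not a string of digits (arrays and URL-decoded quotes included).
 */
function findSuspiciousImageidRequests(array $logLines): array
{
    $hits = [];
    foreach ($logLines as $line) {
        // Combined log format carries the request as: "GET /path?query HTTP/1.1"
        if (!preg_match('/"(?:GET|POST) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
            continue;
        }
        $url = parse_url($m[1]);
        if (($url['path'] ?? '') !== VULN_PATH || empty($url['query'])) {
            continue;
        }
        // parse_str URL-decodes the values, so %27 becomes a literal quote here.
        parse_str($url['query'], $params);
        if (!array_key_exists('imageid', $params)) {
            continue;
        }
        $value = $params['imageid'];
        if (!is_string($value) || !preg_match('/^\d+$/', $value)) {
            $hits[] = $line;
        }
    }
    return $hits;
}

// Constructed sample log lines (not real traffic).
$sampleLog = [
    '10.0.0.5 - - [20/Dec/2023:10:00:01 +0000] "GET /agmsdb/agms/admin/changepropic.php?imageid=1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [20/Dec/2023:10:00:02 +0000] "GET /agmsdb/agms/admin/changepropic.php?imageid=1%27 HTTP/1.1" 500 0',
    '10.0.0.5 - - [20/Dec/2023:10:00:03 +0000] "GET /agmsdb/agms/admin/index.php HTTP/1.1" 200 1024',
];

// Only the second line is reported: its imageid decodes to 1' rather than a number.
foreach (findSuspiciousImageidRequests($sampleLog) as $hit) {
    echo "ALERT: non-numeric imageid: {$hit}\n";
}
```

The rule is deliberately narrow (type mismatch on one parameter) rather than a signature list, so it also catches probes that use no quote characters at all, such as arithmetic or boolean expressions in place of the integer.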

Mitigation:

  • Use parameterized queries, with stored procedures, in the application for all SQL queries.
  • Sanitize the data before storing it in the database; prefer using character encoding.
  • Double up any single quotation marks appearing within user input before incorporating that input into a SQL query.
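To make the first mitigation concrete, here is an added PHP example (not code from the PHPgurukul project): the query shape that produces this class of bug, beside a hardened version that validates the parameter as a positive integer and binds it through a mysqli prepared statement. The table and column names (tblartistimages, imageid, artistimage) are assumed for illustration only.

```php
<?php
// Added example (not code from the PHPgurukul project). Table/column names are assumed.
declare(strict_types=1);

// --- Vulnerable pattern: request input concatenated straight into the SQL text. ---
function loadArtistImageUnsafe(mysqli $db, string $imageid): ?array
{
    // imageid is trusted as-is; a quote or operator in it changes the query structure.
    $sql = "SELECT artistimage FROM tblartistimages WHERE imageid='" . $imageid . "'";
    $result = $db->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// --- Hardened: validate the type first, then bind the value as a parameter. ---
function validImageId(string $imageid): ?int
{
    // A primary key is a positive integer; reject anything else before it reaches SQL.
    $id = filter_var($imageid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function loadArtistImageSafe(mysqli $db, string $imageid): ?array
{
    $id = validImageId($imageid);
    if ($id === null) {
        return null;
    }
    // The value travels separately from the query text, so it is never parsed as SQL.
    $stmt = $db->prepare('SELECT artistimage FROM tblartistimages WHERE imageid = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

// The same pattern for the write that "Update Artist Image" performs.
function updateArtistImageSafe(mysqli $db, string $imageid, string $newFilename): bool
{
    $id = validImageId($imageid);
    if ($id === null) {
        return false;
    }
    $stmt = $db->prepare('UPDATE tblartistimages SET artistimage = ? WHERE imageid = ?');
    $stmt->bind_param('si', $newFilename, $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage, assuming an open mysqli connection in $db and the request from the page:
// $row = loadArtistImageSafe($db, $_GET['imageid'] ?? '');
```

Binding the value as a parameter is what removes the injection; the integer validation on top of it keeps unexpected input from ever reaching the database layer and gives a clean place to log rejected requests.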