New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Bug] Boolean SQL Injection in loan_by_class.php #163

Closed

0xdc9 opened this issue Oct 16, 2022 · 0 comments

Labels

bug

0xdc9 commented Oct 16, 2022

Describe the bug
An unsanitized collType parameter can be used to perform bloolean base blind SQL Injection attack

To Reproduce

Log in as admin
go to http://localhost/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=bbbb&membershipType=a&collType=aaaa
capture the request and save it to a file
use sqlmap with this command sqlmap -r <capture_http_req >.req--level 5 --risk 3 --dbms=mysql -p collType --technique=B --current-user

Screenshots

bredel.req

sqlmap first run without getting anything from the database

sqlmap get current user

Versions

OS: Kali Linux(Debian) 2021
Browser: Firefox 78.7.0.esr(64-bit)
Slims Version: slims9_bulian-9.4.2

The text was updated successfully, but these errors were encountered:

0xdc9 added the bug label

drajathasan added a commit that referenced this issue


          Fix issue #163

a07958d

0xdc9 closed this as completed

hasanbasri1993 pushed a commit to hasanbasri1993/slims9_bulian that referenced this issue


          Fix issue slims#163

ca2c27d

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment