
hiennv20/sqli_redcap.md

Last active Aug 18, 2019
SQL injection in Redcap 8.11.5 to before 9.3.0 Standard

Description: REDCap 8.11.5 allows time-based SQL injection in the edit calendar event function via the cal_id parameter, such as cal_id=55 and sleep(3). An attacker can exploit this to extract any data from the REDCap database.

Vulnerability type: SQL Injection
Vendor of Product: Redcap
Affected Product Code Base: Redcap - 8.11.5 to before 9.3.0 Standard
Affected Component: Calendar function in a project of the REDCap application
Attack Type: Remote
Impact Escalation of Privileges: true
Attack Vectors: To exploit the vulnerability, the user must be logged in to the application and have access to a specific project in the REDCap application
Reference: https://projectredcap.org/resources/community/

Reproduce

  1. Log in to the REDCap application as a user who has permission to update events in the calendar
  2. Edit the notes of a calendar event and pass cal_id = id_number and sleep(5) to trigger the time-based SQL injection (URL /redcap_v9.2.3//Calendar/calendar_popup_ajax.php)

REDCap release notes for the fix of this vulnerability: https://www.evms.edu/research/resources_services/redcap/redcap_change_log/
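The root cause described above, as an added example (not REDCap's code and not part of the original gist): a numeric request parameter concatenated into SQL, beside a version that validates and binds it. The table schema and function names are constructed, Python's sqlite3 stands in for the application's PHP/MySQL stack, and sleep is a registered stub that records calls instead of delaying.

```python
import sqlite3


def make_db():
    """In-memory stand-in for a calendar table (constructed schema and row)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE calendar (cal_id INTEGER PRIMARY KEY, notes TEXT)")
    db.execute("INSERT INTO calendar VALUES (55, 'baseline visit')")
    calls = []

    def fake_sleep(seconds):
        # SQLite has no SLEEP(); record the call so the effect is observable.
        calls.append(seconds)
        return 0

    db.create_function("sleep", 1, fake_sleep)
    return db, calls


def update_notes_vulnerable(db, cal_id, notes):
    # The request value lands in a numeric context without quoting or
    # validation, so any SQL appended to the number is executed.
    sql = "UPDATE calendar SET notes = ? WHERE cal_id = " + cal_id
    return db.execute(sql, (notes,)).rowcount


def update_notes_hardened(db, cal_id, notes):
    # Layer 1: allow-list validation, an event id is ASCII digits only.
    if not (cal_id.isascii() and cal_id.isdigit()):
        raise ValueError("cal_id must be a positive integer")
    # Layer 2: bound parameter, the value can never become SQL syntax.
    sql = "UPDATE calendar SET notes = ? WHERE cal_id = ?"
    return db.execute(sql, (notes, int(cal_id))).rowcount


if __name__ == "__main__":
    payload = "55 and sleep(3)"  # value quoted in the description above
    db, calls = make_db()
    update_notes_vulnerable(db, payload, "x")
    print("vulnerable: sleep() invoked with", calls)
    db, calls = make_db()
    try:
        update_notes_hardened(db, payload, "x")
    except ValueError as exc:
        print("hardened: rejected,", exc, "| sleep() calls:", calls)
```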

@hiennv20 hiennv20 commented Aug 17, 2019

sqli
