@hiennv20
Last active August 18, 2019 10:12
SQL injection in REDCap 8.11.5 to before 9.3.0 Standard

Description: REDCap 8.11.5 allows time-based SQL injection in the edit calendar event function via the cal_id parameter (such as `cal_id=55 and sleep(3)`). An attacker can exploit this to extract any data from the REDCap database.

Vulnerability type: SQL Injection
Vendor of Product: REDCap
Affected Product Code Base: REDCap - 8.11.5 to before 9.3.0 Standard
Affected Component: Calendar function in a project of the REDCap application
Attack Type: Remote
Impact Escalation of Privileges: true
Attack Vectors: To exploit the vulnerability, a user must be logged in to the application and have access to a specific project in the REDCap application
Reference: https://projectredcap.org/resources/community/

Reproduce

  1. Log in to the REDCap application as a user who has permission to update events in the calendar.
  2. Edit the notes of an event and pass `cal_id = id_number and sleep(5)` to exploit the time-based SQL injection (URL /redcap_v9.2.3//Calendar/calendar_popup_ajax.php).

REDCap release notes that fix this vulnerability: https://www.evms.edu/research/resources_services/redcap/redcap_change_log/
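
For defenders reviewing logs from an affected version, the sketch below flags requests to the calendar endpoint whose `cal_id` is not a plain integer. It is an added example, not code from the gist or from REDCap. It assumes `cal_id` appears in the query string of a combined-format access log and that a legitimate value is a decimal integer; the `pid` parameter, user names and log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named in the advisory; the version directory differs per install.
ENDPOINT = re.compile(r"/redcap_v[\d.]+/+Calendar/calendar_popup_ajax\.php$")
# Assumption: a legitimate cal_id is a plain decimal integer.
VALID_CAL_ID = re.compile(r"[0-9]{1,18}")
# Request field of a common/combined log line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_cal_ids(log_lines):
    """Return (line_number, decoded cal_id) for calendar requests
    whose cal_id parameter is not an integer."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not ENDPOINT.search(url.path):
            continue  # only the endpoint from the advisory is checked
        # parse_qs percent-decodes values, so encoded spaces are normalised.
        for value in parse_qs(url.query, keep_blank_values=True).get("cal_id", []):
            if not VALID_CAL_ID.fullmatch(value):
                hits.append((n, value))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - alice [18/Aug/2019:10:01:02 +0000] "GET '
    '/redcap_v9.2.3/Calendar/calendar_popup_ajax.php?pid=12&cal_id=55 '
    'HTTP/1.1" 200 512',
    '203.0.113.9 - bob [18/Aug/2019:10:03:40 +0000] "GET '
    '/redcap_v9.2.3//Calendar/calendar_popup_ajax.php?pid=12'
    '&cal_id=55%20and%20sleep(5) HTTP/1.1" 200 512',
    '203.0.113.7 - alice [18/Aug/2019:10:04:11 +0000] "GET '
    '/redcap_v9.2.3/index.php?pid=12&cal_id=abc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line_no, value in suspicious_cal_ids(SAMPLE_LOG):
        print(f"line {line_no}: non-integer cal_id {value!r}")
```

If the application sends `cal_id` in a POST body, access logs will not contain it, and the same integer check has to run in a WAF rule or in the application itself.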

@hiennv20

sqli