hiennv20/sqli_redcap.md

Last active Aug 18, 2019
SQL injection in Redcap 8.11.5 to before 9.3.0 Standard

Description: REDCap 8.11.5 allows time-based SQL injection in the edit calendar event function via the cal_id parameter, such as cal_id=55 and sleep(3)). An attacker can exploit this to extract any data from the REDCap database.

Vulnerability type: SQL Injection

Vendor of Product: Redcap

Affected Product Code Base: Redcap - 8.11.5 to before 9.3.0 Standard

Affected Component: Calendar function in a project of the REDCap application

Attack Type: Remote

Impact Escalation of Privileges: true

Attack Vectors: To exploit the vulnerability, the user must be logged in to the application and have access to a specific project in the REDCap application

Reference: https://projectredcap.org/resources/community/

Reproduce

  1. Log in to the REDCap application as a user who has permission to update events in the calendar.
  2. Edit an event's notes and pass cal_id = id_number and sleep(5) to trigger the time-based SQL injection (URL /redcap_v9.2.3//Calendar/calendar_popup_ajax.php).

REDCap release notes covering the fix for this vulnerability: https://www.evms.edu/research/resources_services/redcap/redcap_change_log/
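A defender-side check for the pattern described above, as an added example (not part of the original gist and not REDCap's own code): it scans web access logs for requests to the calendar endpoint whose cal_id is not a plain integer and records whether the response was slow. The log layout with a trailing duration field, the sample lines and the function name `review` are constructed assumptions; a cal_id sent in a POST body would not appear in such logs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named in the advisory; the version directory differs per install.
ENDPOINT = re.compile(r"/redcap_v[\d.]+/+Calendar/calendar_popup_ajax\.php$")

# Assumed layout: combined-log style with the request duration (seconds) last.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ (?P<secs>[\d.]+)$'
)

# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - alice [17/Aug/2019:10:01:02 +0000] '
    '"GET /redcap_v9.2.3/Calendar/calendar_popup_ajax.php?cal_id=55 HTTP/1.1" 200 812 0.041',
    '192.0.2.44 - bob [17/Aug/2019:10:03:40 +0000] '
    '"GET /redcap_v9.2.3//Calendar/calendar_popup_ajax.php?cal_id=55%20and%20sleep(3)) HTTP/1.1" 200 812 3.057',
    '192.0.2.10 - alice [17/Aug/2019:10:04:11 +0000] '
    '"GET /redcap_v9.2.3/index.php HTTP/1.1" 200 5120 0.120',
]


def review(lines, slow_secs=2.0):
    """Return one finding per cal_id value that is not a plain ASCII integer."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed format
        url = urlsplit(m["target"])
        if not ENDPOINT.search(url.path):
            continue  # some other page
        # parse_qs percent-decodes values, so encoded payloads are normalised.
        for value in parse_qs(url.query, keep_blank_values=True).get("cal_id", []):
            if value.isascii() and value.isdigit():
                continue  # a legitimate calendar event id
            findings.append({
                "ip": m["ip"],
                "user": m["user"],
                "cal_id": value,
                # A long response next to a non-integer id fits the time-based pattern.
                "slow": float(m["secs"]) >= slow_secs,
            })
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```
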

@hiennv20 hiennv20 commented Aug 17, 2019

sqli
