sivann / itdb

IT Items Database
http://www.sivann.gr/software/itdb/
GNU General Public License v3.0

SQL Vulnerability #61

Closed tanaydin closed 7 years ago

tanaydin commented 7 years ago

With SQLMap, I found that this software has a problem (maybe more)

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: action=edititem&id=5) OR NOT 1460=1460-- CDNM
    Vector: OR NOT [INFERENCE]
---
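An added example, not part of this thread or of the itdb code: defender-side log triage in Python that flags requests whose integer `id` parameter carries the boolean-based blind shape shown above, and pairs a reporter's TRUE/FALSE probes by response size. The access-log lines and the script path `/app.php` are constructed placeholders, not real itdb paths.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (not from the itdb project). The script path
# /app.php is a placeholder; the first two query strings copy the shape of the
# sqlmap boolean-based blind probe quoted in the issue (a TRUE and a FALSE case).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2017:10:00:01 +0000] "GET /app.php?action=edititem&id=5)%20OR%20NOT%201460%3D1460--%20CDNM HTTP/1.1" 200 5120
203.0.113.5 - - [01/Jan/2017:10:00:02 +0000] "GET /app.php?action=edititem&id=5)%20OR%20NOT%201460%3D1461--%20CDNM HTTP/1.1" 200 4870
198.51.100.7 - - [01/Jan/2017:10:00:03 +0000] "GET /app.php?action=edititem&id=5 HTTP/1.1" 200 5120
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\d+|-)"
)
# Injected tautology/contradiction in a numeric context: "OR NOT 1460=1460", "AND 1=2", ...
BOOL_BLIND_RE = re.compile(r"\b(?:OR|AND)\s+(?:NOT\s+)?\d+\s*=\s*\d+", re.IGNORECASE)
INT_PARAMS = ("id",)  # parameters the application should accept only as integers

def is_int_param(value):
    """Strict allow-list check: a valid id is a plain decimal integer, nothing else."""
    return re.fullmatch(r"[0-9]+", value) is not None

def analyse_line(line):
    """Return a list of findings for one access-log line (empty if it looks benign)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    params = dict(parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True))
    findings = []
    for name in INT_PARAMS:
        if name in params and not is_int_param(params[name]):
            kind = "boolean-blind-probe" if BOOL_BLIND_RE.search(params[name]) else "non-integer"
            findings.append({"ip": m["ip"], "param": name, "value": params[name],
                             "kind": kind, "size": int(m["size"]) if m["size"] != "-" else 0})
    return findings

def scan_log(text):
    """Scan a whole log; also report IPs whose probes got differently sized responses,
    which is the TRUE/FALSE signal a boolean-based blind inference relies on."""
    findings = [f for line in text.splitlines() for f in analyse_line(line)]
    sizes_by_ip = {}
    for f in findings:
        if f["kind"] == "boolean-blind-probe":
            sizes_by_ip.setdefault(f["ip"], set()).add(f["size"])
    inferring = sorted(ip for ip, sizes in sizes_by_ip.items() if len(sizes) > 1)
    return findings, inferring
```

The same `is_int_param` allow-list is the cheapest server-side fix for a numeric `id`: reject anything that is not a plain integer before it reaches the query.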
attritionorg commented 7 years ago

What script was that found in?

tanaydin commented 7 years ago

It is SQLMap, http://sqlmap.org/

Entropede commented 7 years ago

As already mentioned by @sivann, this software is an internal tool that should not be exposed publicly. Efforts to secure the software are not a priority.

See reply: https://github.com/sivann/itdb/issues/59#issuecomment-269898929

tanaydin commented 7 years ago

OK, thanks for the explanation.