talsoft / vuldash

Vulnerability Dashboard
https://www.vuldash.com
GNU General Public License v3.0

Possible SQL injection #3

Closed tottikm closed 6 years ago

tottikm commented 6 years ago

This URL, http://vuldashIP/dashboard/projectsstate/save?id=%27&name=%27, if it is attacked by a tool like sqlmap, can create a lot of empty fields inside the database and create a performance issue for the app. Also, sqlmap can create requests to that URL without authentication in the first place. A simple test with the tool creates this:

```
| 30343 |           |
| 30344 |           |
| 30345 |           |
| 30346 |           |
| 30347 |           |
| 30348 |           |
| 30349 |           |
+-------+-----------+
30348 rows in set (0,01 sec)

mysql>
```

Please see if you can reproduce the problem with:

```
sqlmap -u "http://vuldashIP/dashboard/projectsstate/save?id=*&name=*" -b --level=5 --risk=3 --dbms=mysql
```

Also, the functions edit, delete and getlist are not protected in projectsstate.php in application/controllers. The index function is well protected by redirecting the user to the login page.
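The two problems reported above (a state-changing endpoint reachable without a session, and a save that inserts whatever it is given, including empty values) can be shown side by side in a small model. The following is an added example written for this thread, not vuldash's own code; the table name `projects_state`, the column names, the session layout and the use of an in-memory SQLite database in place of MySQL are all assumptions made so that the snippet runs offline.

```php
<?php
// Added example, not vuldash code. Models the /projectsstate/save endpoint from
// the issue in two shapes: the reported one (no auth, blind insert) and a
// hardened one (login required on every method, POST only, validated input).
// Table/column names and the session layout are assumptions.
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL database the reporter dumped.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE projects_state (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT)');

function row_count(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM projects_state')->fetchColumn();
}

// Reported shape: reachable by anyone, via GET, and every request inserts a row.
// Note that a prepared statement alone does not help here: sqlmap's payloads
// never inject, but each probe still lands as an empty row (the 30k rows above).
function save_vulnerable(PDO $pdo, array $get): string
{
    $stmt = $pdo->prepare('INSERT INTO projects_state (name) VALUES (:name)');
    $stmt->execute([':name' => $get['name'] ?? '']);
    return 'saved';
}

// Guard that every controller method (save, edit, delete, getlist) should call,
// not only index. In a real app this would redirect to /login and exit.
function require_login(array $session): void
{
    if (empty($session['user_id'])) {
        throw new RuntimeException('redirect: /login');
    }
}

function save_hardened(PDO $pdo, array $session, string $method, array $post): string
{
    require_login($session);
    if ($method !== 'POST') {                       // state changes never via GET
        throw new RuntimeException('405 Method Not Allowed');
    }
    $name = trim((string) ($post['name'] ?? ''));
    if ($name === '' || strlen($name) > 100) {       // refuse the empty rows seen in the dump
        throw new InvalidArgumentException('name is required (1-100 chars)');
    }
    $id = (string) ($post['id'] ?? '');
    if ($id !== '' && !ctype_digit($id)) {          // id is an integer or absent, nothing else
        throw new InvalidArgumentException('id must be a positive integer');
    }
    if ($id === '') {
        $stmt = $pdo->prepare('INSERT INTO projects_state (name) VALUES (:name)');
        $stmt->execute([':name' => $name]);
    } else {
        $stmt = $pdo->prepare('UPDATE projects_state SET name = :name WHERE id = :id');
        $stmt->execute([':name' => $name, ':id' => (int) $id]);
        if ($stmt->rowCount() === 0) {
            throw new RuntimeException('404 no such row');
        }
    }
    return 'saved';
}

// Constructed traffic: five sqlmap-style probes (id=' name=') with no session.
$probes = array_fill(0, 5, ['id' => "'", 'name' => "'"]);

foreach ($probes as $p) {
    save_vulnerable($pdo, $p);
}
echo "vulnerable: rows after 5 anonymous probes = ", row_count($pdo), PHP_EOL;   // 5

$pdo->exec('DELETE FROM projects_state');
foreach ($probes as $p) {
    try {
        save_hardened($pdo, [], 'GET', $p);
    } catch (RuntimeException $e) {
        // expected: 'redirect: /login'
    }
}
echo "hardened: rows after 5 anonymous probes = ", row_count($pdo), PHP_EOL;     // 0

// A logged-in user posting a real name is the only path that writes.
echo save_hardened($pdo, ['user_id' => 1], 'POST', ['id' => '', 'name' => 'staging']), PHP_EOL;
echo "hardened: rows after one valid POST = ", row_count($pdo), PHP_EOL;          // 1
```

The order of the checks matters: the session check comes first so an unauthenticated client learns nothing about parameter handling, and the non-empty `name` check is what stops a scanner's blind probing from filling the table even when the SQL itself is parameterised.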

talsoft commented 6 years ago

We have fixed some files for this possible SQL injection. Now, when testing with:

```
sqlmap -u "http://localhost/dashboard/projectsstate/save?id=*&name=*" -b --level=5 --risk=3 --dbms=mysql
```

the system redirects to the login page.

thanks!!!

tottikm commented 6 years ago

That's great, guys. We'll keep testing. Wonderful work, by the way!!