SQL injection vulnerability discovered in SourceCodester Medicine Tracker System (Users.php)

CVE-2024-6418

A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file /classes/Users.php?f=register_user. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270009 was assigned to this vulnerability.

Affected Project: Sourcecodester Medicine Tracker System 1.0

Official Website: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html

Version: 1.0

Related Code file: /php-mts/classes/Users.php

Injection parameter: POST parameter ‘MULTIPART username’ is vulnerable.
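To make the root cause and the fix concrete, here is an added PHP example that is not the project's own code: a hypothetical reconstruction of a register_user handler in the vulnerable style, beside a hardened version. The mysqli handle `$conn`, the `users` table and its columns (`firstname`, `lastname`, `username`, `password`) are assumptions; the actual schema of Medicine Tracker System is not shown in this report.

```php
<?php
// Added example, not the project's code. The table/column names and the
// mysqli connection $conn are assumptions made for illustration.

// VULNERABLE PATTERN (the class of bug the advisory describes): the
// submitted multipart field "username" is concatenated straight into the
// SQL text, so a quote or SQL fragment in that field becomes part of the
// statement instead of being stored as data.
function register_user_vulnerable(mysqli $conn, array $post): bool
{
    $hash = password_hash($post['password'] ?? '', PASSWORD_DEFAULT);
    $sql = "INSERT INTO users (firstname, lastname, username, password) VALUES ('"
         . ($post['firstname'] ?? '') . "', '"
         . ($post['lastname'] ?? '')  . "', '"
         . ($post['username'] ?? '')  . "', '"
         . $hash . "')";
    return $conn->query($sql) === true;
}

// HARDENED VERSION: validate the username against an allow-list, then bind
// every user-supplied value through a prepared statement so the database
// parses the query shape before it ever sees the data.
function register_user_fixed(mysqli $conn, array $post): bool
{
    $username  = $post['username'] ?? '';
    $firstname = trim($post['firstname'] ?? '');
    $lastname  = trim($post['lastname'] ?? '');
    $password  = $post['password'] ?? '';

    // Allow-list: letters, digits, dot, underscore, hyphen; 3 to 32 chars.
    if (!preg_match('/^[A-Za-z0-9._-]{3,32}$/', $username)) {
        return false;
    }
    if ($firstname === '' || $lastname === '' || strlen($password) < 8) {
        return false;
    }

    $stmt = $conn->prepare(
        'INSERT INTO users (firstname, lastname, username, password) VALUES (?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // "ssss": four string parameters, each bound as a value, never as SQL.
    $stmt->bind_param('ssss', $firstname, $lastname, $username, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
```

With the hardened version, a username containing a quote or a SLEEP() expression is rejected by the allow-list; even without the allow-list, the bound parameter is stored as a literal string and is never evaluated, which is why the time-based blind technique sqlmap reports below stops working. Any duplicate-username lookup that precedes the INSERT must use the same prepared-statement pattern, otherwise the bug simply moves to the SELECT.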

Demonstration

The registration form is served by app/register.php (screenshot in the original report).

The create-account request is intercepted with Burp Suite (screenshot in the original report).

After saving the intercepted request as register.txt, sqlmap is run against it (screenshot in the original report).

sqlmap identifies POST parameter ‘MULTIPART username’ as vulnerable. Below is the payload used:

Parameter: MULTIPART username ((custom) POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: -----------------------------231968070537024691881305716636


sqlmap successfully lists the databases (screenshot in the original report).