Advertisement






Membership Management System 1.0 SQL Injection

CVE Category Price Severity
CVE-2021-12345 CWE-89 $500 High
Author Risk Exploitation Type Date
Security Researcher Critical Remote 2024-03-01
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.03568 0.60873

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024030001

Below is a copy:

Membership Management System 1.0 SQL Injection
- Title: Membership Management System - SQL injection
- Application: Hospital Management System
- Date: 01.03.2024
- Bugs: SQL injection
- Exploit Author: SoSPiro
- Vendor Homepage: https://codeastro.com/author/nbadmin/
- Software Link: https://codeastro.com/membership-management-system-in-php-with-source-code/
- Version: 1.0
- Tested on: Windows 10 64 bit Wampserver

### Vulnerability Description:

The provided payload in the POST request indicates a potential SQL injection vulnerability. Specifically, the manipulation within the email and password parameters suggests an attempt to influence the SQL query directly, presenting a risk for exploiting security vulnerabilities.

### SQL Injection:

This manipulated submission aims to affect the SQL query by incorporating user input. For instance, the use of **sleep(5)** introduces a time-delay technique, indicative of a potential resource-consuming attack vector by malevolent actors.



### Proof of Concept (PoC):

Below is an example payload illustrating the SQL injection vulnerability:

```
[email protected]' + (SELECT * FROM (SELECT (SLEEP(5)))a) +'&password=admin' or '1'='1'&login=
```

In this example, the **sleep(5)** function is employed to induce a time delay, followed by the use of or **'1'='1'** in the password control section, aiming to always evaluate as true.

- Request Response

[PoC FoTo](https://gcdnb.pbrd.co/images/9k8xy4YRomp3.png?o=1)


### Vulnerable Code Section:

```php
$email = $_POST['email'];
$password = $_POST['password'];

$hashed_password = md5($password);
$sql = "SELECT * FROM users WHERE email = '$email' AND password = '$hashed_password'";
```

The provided PHP code section exacerbates the SQL injection risk by directly incorporating user input into the SQL query. To mitigate this vulnerability, the use of parameterized queries or prepared statements is recommended.


## Reproduce: https://sospiro014.github.io/Membership-Management-System-SQL-injection

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum