
João Victor

Authenticated SQL Injection

Reward: $300
Program: Private

Overview
SQL injection (SQLi) is a vulnerability in which an application places user-supplied input into an SQL statement and treats that input as part of the statement. Typically, SQLi allows an attacker to view, modify or delete data that should not be retrievable. An SQLi vulnerability was found on this host which allows an attacker to execute SQL and view data from the database service by submitting crafted queries.

An attacker could exploit this lack of input sanitization to exfiltrate database data and files, tamper with the data, or perform resource exhaustion. Depending on the database and how it is configured, an attacker could potentially remotely execute code on the server running the database.

Business Impact
Data exfiltration through a SQLi attack could lead to regulatory fines for the business due to an attacker's unauthorized access to data, and to reputational damage through the loss of customers' trust. The severity of the impact to the business depends on the sensitivity of the data stored in and transmitted by the application.

PoC

Click on "view", then on the highlighted download icon; right-click it and choose "copy url".

Modify the "pcrc" parameter to append a single quote and observe the error, which states 'SQL Syntax Error', at https://site.com/web_gtr/download.php?opc=1&anio=XXX&familia=XXX&pcrc=c4ng4c31r0'

To explore the injection quickly and automatically, the sqlmap tool was used.
To replicate, save the request intercepted by Burp Suite to a file and use it as the basis for sqlmap's requests.
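The root cause behind the 'SQL Syntax Error' above (user input concatenated straight into the statement, so a stray quote becomes SQL syntax) next to the parameterised form that removes it, as an added Python/sqlite3 example. This is not the site's download.php code: the table, its rows and the function names are constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory stand-in for the download lookup; the real schema is unknown.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE downloads (opc INTEGER, anio TEXT, familia TEXT, pcrc TEXT, path TEXT)"
    )
    conn.execute(
        "INSERT INTO downloads VALUES (1, '2023', 'fam1', 'abc123', '/files/abc123.pdf')"
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, pcrc: str):
    # The value from the pcrc query parameter is pasted into the SQL text.
    # A trailing quote leaves the string literal unterminated, which is exactly
    # the syntax error the writeup observed; the input has become part of the query.
    sql = f"SELECT path FROM downloads WHERE pcrc = '{pcrc}'"
    try:
        row = conn.execute(sql).fetchone()
        return ("ok", row[0] if row else None)
    except sqlite3.Error as exc:
        return ("error", str(exc))


def lookup_safe(conn: sqlite3.Connection, pcrc: str):
    # Parameterised query: the driver sends the value separately from the SQL text,
    # so a quote (or anything else) in pcrc is compared as data and can never
    # change the statement's structure.
    row = conn.execute(
        "SELECT path FROM downloads WHERE pcrc = ?", (pcrc,)
    ).fetchone()
    return ("ok", row[0] if row else None)


if __name__ == "__main__":
    db = make_db()
    for value in ("abc123", "abc123'"):
        print(repr(value), "vulnerable:", lookup_vulnerable(db, value))
        print(repr(value), "safe:      ", lookup_safe(db, value))
```

Running it shows the concatenated version failing with a syntax error on the quoted input while the parameterised version simply returns no row, which is the behaviour a fix for this finding should restore.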

Reward/Status:
