An attacker can leverage this vulnerability to run arbitrary SQL commands with the privileges of the application's database user account on the host where the application is installed.

The following example demonstrates how the vulnerability is triggered. Suppose an attacker sends a request to the application with the parameter 'productcode' set to 'x', where 'x' is an arbitrary SQL command, and suppose the application builds the following SQL query:

SELECT * FROM `users` WHERE `username` = 'user' AND `password` = 'pass';

Because the 'productcode' value is inserted into the query text, 'x' is executed in the context of the application's database user account. The attacker can then run arbitrary SQL commands and access data in the database via the application.

Exploitation Steps:
1. Set the 'productcode' parameter in the request to an arbitrary SQL query.
2. Send the request to the application.

Possible Vulnerabilities & Solutions:
1. Do not pass request parameters directly into SQL queries as arbitrary SQL text.
2. For more information on how to identify and prevent SQL injection vulnerabilities, see the following articles:
- https://dev.hackerone.com/wiki/Injection_(SQL_Injection)
- https://dev.hackerone.com/wiki/Injection_Prevention_Techniques
- https://dev.hackerone.com/wiki/In
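The root cause described above is a request parameter being pasted into the SQL text. The following is an added example, not code from the advisory or from the affected product, that shows the vulnerable pattern next to its hardened form: a 'productcode' lookup built by string formatting, the same lookup with parameter binding, and an input-format check as defence in depth. The products table, its rows, the product-code format and the function names are all assumptions made for the demonstration.

```python
import re
import sqlite3

# Constructed in-memory catalogue; table and rows are assumptions for this
# example, not data from the advisory.
PRODUCTS = [
    ("A100", "Widget", 9.99),
    ("B200", "Gadget", 19.99),
    ("C300", "Gizmo", 29.99),
]


def _connect():
    """Create a throwaway SQLite database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (code TEXT, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


def lookup_product_unsafe(productcode):
    """Vulnerable pattern: the request parameter becomes part of the SQL text,
    so quotes and operators inside it change the meaning of the query."""
    conn = _connect()
    query = "SELECT code, name FROM products WHERE code = '%s'" % productcode
    rows = conn.execute(query).fetchall()
    conn.close()
    return rows


def lookup_product_safe(productcode):
    """Hardened pattern: the value is bound as a query parameter, so the
    database always treats it as a string literal and never as SQL."""
    conn = _connect()
    rows = conn.execute(
        "SELECT code, name FROM products WHERE code = ?", (productcode,)
    ).fetchall()
    conn.close()
    return rows


# Assumed product-code format: one uppercase letter followed by three digits.
PRODUCT_CODE_RE = re.compile(r"[A-Z][0-9]{3}")


def is_valid_productcode(productcode):
    """Defence in depth: reject input that does not match the expected
    format before it reaches the data layer."""
    return PRODUCT_CODE_RE.fullmatch(productcode) is not None


if __name__ == "__main__":
    benign = "B200"
    crafted = "' OR '1'='1"  # textbook tautology, used only to show the difference
    print("unsafe, benign :", lookup_product_unsafe(benign))
    print("unsafe, crafted:", lookup_product_unsafe(crafted))  # every row leaks
    print("safe,   crafted:", lookup_product_safe(crafted))    # no rows
    print("format check   :", is_valid_productcode(benign), is_valid_productcode(crafted))
```

With the string-formatted query the crafted value rewrites the WHERE clause and returns the whole table; with the bound parameter the same value is compared literally against the code column and matches nothing. The format check is a second layer only: parameter binding is what actually closes the injection, and the check should not be relied on alone.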

SQL Injection - CVE-2021-36255


Timeline

Published on: 09/12/2022 04:15:00 UTC
Last modified on: 09/15/2022 03:50:00 UTC

References