If the id parameter is supplied with an arbitrary value, that value reaches the SQL statement executed by db_query() without sanitisation, so an attacker controls the structure of the query rather than just the value compared in its WHERE clause. This can be exploited to retrieve rows that the application's own db_select() logic would never have returned, or to modify rows other than the one being edited.

A quick way to confirm the injection is to send an id containing a syntax-breaking character such as a single quote, ';' or '#': a database error in the response shows that the value is being parsed as SQL rather than treated as a number. A working payload then builds on that, for example a condition that matches every row, or a UNION SELECT that pulls data from another table.

<form action="http://[Target]/interview/editQuestion.php" method="POST">
  <input type="hidden" name="id" value="">
  <input type="text" name="question" value="">
  <input type="submit" value="Submit">
</form>

SQL Injection with Mass Assignment

SQL injection vulnerabilities occur when user input is placed in SQL queries without being sanitised or, preferably, bound as a query parameter. Mass assignment is a separate weakness, not a subtype of SQL injection: request parameters are copied onto application objects or query fields without an allow-list of which fields the client may set. The two compound each other here, because every submitted field, including id, is passed straight into the database query, so the attacker chooses the WHERE clause and can read or update rows that db_select() would otherwise have kept out of reach.

The same probe values apply: an id containing a single quote, ';' or '#' that produces a database error confirms that the parameter is injectable.

DB query Parameter Remote Code Execution Vulnerability

Despite the heading, what is described here is access to the underlying database, not code execution on the host. An id value of ";" terminates the intended statement; whether anything placed after it also runs depends on the database driver executing multiple statements in one call (mysqli_query() runs a single statement, mysqli_multi_query() runs several). Even without stacked queries, an attacker can retrieve sensitive information through the injected WHERE clause of the single statement the application does run.

Timeline

Published on: 09/08/2022 16:15:00 UTC
Last modified on: 09/09/2022 14:48:00 UTC

References