A SQL injection vulnerability (CVE-2022-43124) has been discovered in the Online Diagnostic Lab Management System v1., affecting the "id" parameter of the /admin/?page=user/manage_user endpoint. The flaw lets an attacker who can reach that endpoint alter the SQL query the page executes, read data that the application's database account can access, and potentially tamper with the application's data or the underlying system.

In this post, we'll take a deeper look at this vulnerability: its technical details, how it can be exploited, and provide some recommendations to mitigate and protect your systems.

Vulnerability Details

The vulnerability exists because the "id" parameter of the /admin/?page=user/manage_user endpoint in the Online Diagnostic Lab Management System v1. is neither validated nor escaped before it is used in a database query. An attacker exploits it by sending a request whose id value contains SQL syntax of their choosing.

The issue occurs in the following code snippet, which is part of the code that serves the /admin/?page=user/manage_user page:

// Vulnerable: the raw GET parameter is interpolated straight into the SQL string.
$id = $_GET['id'];
$query = "SELECT * FROM users WHERE id = '$id'";
$result = mysqli_query($con, $query);

The "id" value taken from the request is concatenated directly into the SQL string without validation or escaping, so the single quote and anything following it in the parameter become part of the SQL statement itself. This allows attackers to inject arbitrary SQL into the query, leading to disclosure of sensitive information or unauthorized actions against the application's database.

Exploit Details

By exploiting this SQL injection vulnerability, an attacker can read data from the application's database tables and, depending on the privileges of the database account the application uses and the injection techniques the query structure allows, may also be able to modify or delete it. A simple attack vector is shown below:

http://target.com/admin/?page=user/manage_user&id=2' OR '1'='1

(URL-encoded, the same request reads id=2%27%20OR%20%271%27%3D%271.) The injected fragment (' OR '1'='1) closes the quoted id value and appends a condition that is always true, so the vulnerable code ends up executing SELECT * FROM users WHERE id = '2' OR '1'='1'. Instead of matching only the row for user ID 2, the WHERE clause matches every row in the users table. Whether the page renders all of those rows or only the first depends on how the result set is iterated, but in either case the request returns user data it was never meant to expose. Note that the fragment must not be terminated with a semicolon: mysqli_query() executes a single statement, so a payload such as 2'; OR '1'='1 produces a syntax error rather than an injection.

Further information and details about this vulnerability can be found in the following sources:

1. CVE Details - CVE-2022-43124
2. Exploit Database - Online Diagnostic Lab Management System v1. SQL Injection Vulnerability
3. National Vulnerability Database - NVD - CVE-2022-43124

In order to protect your systems from this vulnerability, we recommend the following actions:

1. Update to a patched version: If a security patch or a new, fixed release is available from the application's developers, upgrade to it immediately.
2. Use parameterized queries and validate input: Never build SQL by concatenating user-supplied values. Use prepared statements so that values such as "id" are bound as data rather than parsed as SQL, and for a numeric identifier additionally cast or validate it as an integer and reject anything else.
3. Limit database privileges: Give the database account the web application connects with only the privileges it needs, so that a successful injection cannot read or modify tables beyond what the application itself requires.
4. Web Application Firewall (WAF): Deploy a WAF to block known attack patterns and exploitation attempts as an additional layer of defense; it complements, but does not replace, fixing the query itself.
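The following Python script is an added example and is not code from the Online Diagnostic Lab Management System (which is written in PHP) or from this advisory's sources. It reproduces the query construction from the vulnerable snippet above against a throwaway in-memory SQLite table with constructed sample users, runs the ' OR '1'='1 payload from the exploit section through it, and then shows the two mitigations from recommendation 2 side by side: binding the value as a parameter, and validating it as an integer before binding. The table layout and sample rows are assumptions for illustration only.

```python
import sqlite3

# Constructed sample rows standing in for the application's users table.
SAMPLE_USERS = [
    (1, "admin", "Administrator"),
    (2, "jdoe", "Lab Technician"),
    (3, "asmith", "Receptionist"),
]

# The payload from the exploit section: closes the quoted id and appends a
# condition that is always true.
PAYLOAD = "2' OR '1'='1"


def make_db():
    """Create an in-memory database with a users table (schema is assumed)."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return con


def vulnerable_lookup(con, user_id):
    """Mirror of the PHP snippet: the raw request value is concatenated into SQL."""
    query = f"SELECT * FROM users WHERE id = '{user_id}'"
    return con.execute(query).fetchall()


def bound_lookup(con, user_id):
    """Parameter binding alone: the value travels as data and is never parsed
    as SQL, so the payload simply matches no row."""
    return con.execute("SELECT * FROM users WHERE id = ?", (user_id,)).fetchall()


def hardened_lookup(con, user_id):
    """Validate that id is an integer, then bind it. Garbage is rejected with a
    clear error instead of being silently compared against the column."""
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer") from None
    return con.execute("SELECT * FROM users WHERE id = ?", (uid,)).fetchall()


if __name__ == "__main__":
    con = make_db()
    print("vulnerable, id=2     ->", vulnerable_lookup(con, "2"))
    print("vulnerable, injected ->", vulnerable_lookup(con, PAYLOAD))
    print("bound, injected      ->", bound_lookup(con, PAYLOAD))
    try:
        hardened_lookup(con, PAYLOAD)
    except ValueError as err:
        print("hardened, injected   -> rejected:", err)
```

Running the script shows the concatenated query returning all three sample rows for the injected id, while the bound query returns nothing and the validated query refuses the value outright. SQLite accepts only one statement per execute() call, as mysqli_query() does, so a trailing semicolon in the payload would error in both.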

As always, keep your applications and infrastructure up to date and follow established security practices. Watch for new security patches and apply the recommendations in this post to mitigate the risk posed by CVE-2022-43124.

Timeline

Published on: 11/01/2022 14:15:00 UTC
Last modified on: 11/01/2022 23:33:00 UTC