Senayan Library Management System (SLiMS) is an open-source library management application that helps organizations digitize and automate library management processes. The latest version, SLiMS v9.4.2, has been found to contain a critical SQL injection vulnerability via the collType parameter of the loan_by_class.php endpoint. Identified as CVE-2022-43362, the vulnerability is recorded in the National Vulnerability Database with a CVSS base score of 7.5.

In this long-read post, we will discuss the exploit details, code snippets to reproduce the vulnerability, links to original references, and best practices for detecting and patching the vulnerability.

Exploit Details

A SQL injection vulnerability in SLiMS v9.4.2 allows remote attackers to execute arbitrary SQL commands by submitting crafted input to the 'collType' parameter in the loan_by_class.php endpoint. Several attack vectors can be used to inject SQL code, potentially compromising the security and functionality of the affected system, including unauthorized access to sensitive data, data manipulation, or even complete system takeover.

A proof of concept for the exploit is shown below:

GET /senayan_directory/loan_by_class.php?collType='UNION SELECT 1,2,3,4,5,6,7,8,9,version(),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40 -- HTTP/1.1
Host: target.example.com

This request is an HTTP GET to the vulnerable loan_by_class.php endpoint that attempts to retrieve the database server's version by injecting a UNION SELECT clause through the collType parameter.

Original References

1. Official CVE-2022-43362 Entry in NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-43362
2. Senayan Library Management System (SLiMS) Official Website: https://slims.web.id/
3. SLiMS GitHub Repository: https://github.com/slims/slims9_bulian

Detection

To identify whether your SLiMS installation is vulnerable, compare its version number with the affected version (v9.4.2) listed in CVE-2022-43362. Additionally, unexplained SQL errors in the application or database logs and other unusual system behavior can be indicators of exploitation attempts.
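As an added example (not part of the original post or of the SLiMS project), the following Python script scans web server access log lines in Apache combined format for requests to loan_by_class.php whose collType value contains SQL syntax rather than a plain identifier. The log lines are constructed for the example, and treating collType as a numeric identifier is an assumption about the application, not something SLiMS documents.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" format; they are not from a real server.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Nov/2022:19:20:01 +0000] "GET /senayan/loan_by_class.php?collType=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Nov/2022:19:20:07 +0000] "GET /senayan/loan_by_class.php?collType=%27UNION%20SELECT%201,2,version()%20-- HTTP/1.1" 200 5120 "-" "curl/7.85.0"
203.0.113.11 - - [01/Nov/2022:19:21:13 +0000] "GET /senayan/index.php?p=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.12 - - [01/Nov/2022:19:22:40 +0000] "GET /senayan/loan_by_class.php?collType=3%27+OR+%271%27%3D%271 HTTP/1.1" 500 0 "-" "python-requests/2.28.1"
"""

# Client IP, timestamp, request line and status code of a combined-format entry.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# SQL syntax that a legitimate collType value would never contain.
SQLI_MARKERS = [
    (re.compile(r"'"), "single quote"),
    (re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I), "UNION SELECT"),
    (re.compile(r"--|/\*|#"), "SQL comment"),
]


def find_suspicious(log_text, expect_numeric=True):
    """Return one finding per loan_by_class.php request whose collType looks like SQL, not an ID.

    expect_numeric=True is an assumption that collType is a numeric identifier.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/loan_by_class.php"):
            continue
        # parse_qs decodes percent-encoding and '+'; blank values are kept so "collType=" is still seen.
        for value in parse_qs(url.query, keep_blank_values=True).get("collType", []):
            reasons = [name for rx, name in SQLI_MARKERS if rx.search(value)]
            if expect_numeric and not value.isdigit():
                reasons.append("non-numeric value")
            if reasons:
                findings.append({"ip": m.group("ip"), "time": m.group("ts"),
                                 "status": int(m.group("status")),
                                 "collType": value, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} status={f['status']} collType={f['collType']!r} -> {', '.join(f['reasons'])}")
```

A 500 response on a flagged request corroborates the "unexplained SQL errors" indicator mentioned above, so the status code is kept in each finding.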

Patching

As of the time of writing, the SLiMS team has not yet released a patch for the vulnerability. System administrators are advised to closely monitor the SLiMS GitHub repository and official website for updates.

In the meantime, consider implementing the following best practices to mitigate potential risks:

1. Validate user input and use prepared statements: Validate that user-supplied input has the expected form, and pass it to the database through prepared statements (parameterized queries) rather than concatenating it into SQL text.

2. Limit user permissions: Restrict the application's database access privileges to the minimal required level, reducing the potential impact of a successful SQL injection.

3. Implement a web application firewall (WAF): A well-configured WAF can analyze incoming web traffic and block malicious SQL injection attempts before they reach the application.

Conclusion

The SQL injection vulnerability (CVE-2022-43362) found in Senayan Library Management System v9.4.2 poses serious security risks for affected systems. It is essential to follow best security practices and monitor the official channels for updates and patches to mitigate this vulnerability. Regularly test and audit your systems to ensure the continued protection of sensitive data and system integrity.

Timeline

Published on: 11/01/2022 19:15:00 UTC
Last modified on: 11/02/2022 15:38:00 UTC