Online Notice Board System v1.0 - SQLi
Summary
Name | Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
Code name | Perahia |
Product | Online Notice Board System |
Vendor | Kashipara Group |
Affected versions | Version 1.0 |
State | Public |
Release date | 2024-01-02 |
Vulnerabilities
Kind | Unauthenticated SQL Injections (SQLi) |
Rule | 146. SQL Injection |
Remote | Yes |
CVSSv3 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSSv3 Base Score | 9.8 |
Exploit available | Yes |
CVE ID(s) | CVE-2023-50743, CVE-2023-50752, CVE-2023-50753 |
Description
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Vulnerabilities
CVE-2023-50743
The 'dd' parameter of the registration.php resource is not validated: the characters received are sent unfiltered to the database. The vulnerable code is:
extract($_POST);
...
$dob=$yy."-".$mm."-".$dd;
...
$query="insert into user values('','$n','$e','$pass','$mob','$gen','$hob','$imageName','$dob',now())";
mysqli_query($conn,$query);
CVE-2023-50752
The 'e' parameter of the login.php resource is not validated: the characters received are sent unfiltered to the database. The vulnerable code is:
extract($_POST);
if(isset($save))
{
if($e=="" || $p=="")
{
$err="<font color='red'>fill all the fileds first</font>";
}
else
{
$pass=md5($p);
$sql=mysqli_query($conn,"select * from user where email='$e' and pass='$pass'");
CVE-2023-50753
The 'dd' parameter of the user/update_profile.php resource is not validated: the characters received are sent unfiltered to the database. The vulnerable code is:
extract($_POST);
if(isset($update))
{
//dob
$dob=$yy."-".$mm."-".$dd;
//hobbies
$hob=implode(",",$hob);
$query="update user set name='$n',mobile='$mob',gender='$gen',hobbies='$hob',dob='$dob' where email='".$_SESSION['user']."'";
Our security policy
We have reserved the IDs CVE-2023-50743, CVE-2023-50752 and CVE-2023-50753 to refer to these issues from now on.
System Information
- Version: Online Notice Board System v1.0
- Operating System: Any
Mitigation
There is currently no patch available for these vulnerabilities.
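Without a vendor patch, the queries shown above can be hardened locally by dropping extract($_POST), validating the date parts, and binding every value as a parameter. The following is an added example, not code from the vendor or from the original advisory; it assumes $conn is the mysqli connection used in the excerpts, and the function names build_dob, find_user and update_profile are hypothetical.

```php
<?php
// Added example, not the vendor's code. Assumes $conn is the mysqli connection
// used in the excerpts; build_dob, find_user and update_profile are hypothetical names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Accept yy/mm/dd only when all three are digit strings forming a real date.
function build_dob(array $post): ?string
{
    foreach (['yy', 'mm', 'dd'] as $k) {
        if (!isset($post[$k]) || !is_string($post[$k]) || !ctype_digit($post[$k])) {
            return null;
        }
    }
    [$y, $m, $d] = [(int)$post['yy'], (int)$post['mm'], (int)$post['dd']];
    return checkdate($m, $d, $y) ? sprintf('%04d-%02d-%02d', $y, $m, $d) : null;
}

// login.php: email and hash are bound, never interpolated into the SQL text.
function find_user(mysqli $conn, string $email, string $password): ?array
{
    $hash = md5($password); // unchanged from the excerpt so stored values still match
    $stmt = $conn->prepare('select * from user where email = ? and pass = ?');
    $stmt->bind_param('ss', $email, $hash);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    return $row ?: null;
}

// user/update_profile.php: same columns as the original UPDATE, every value bound.
function update_profile(mysqli $conn, array $post, string $sessionEmail): bool
{
    $dob = build_dob($post);
    if ($dob === null) {
        return false; // reject the request instead of passing 'dd' to the database
    }
    // Read each field explicitly; anything that is not a string becomes ''.
    $s = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    [$n, $mob, $gen] = [$s('n'), $s('mob'), $s('gen')];
    $hob = implode(',', array_filter((array)($post['hob'] ?? []), 'is_string'));
    $stmt = $conn->prepare(
        'update user set name = ?, mobile = ?, gender = ?, hobbies = ?, dob = ? where email = ?'
    );
    $stmt->bind_param('ssssss', $n, $mob, $gen, $hob, $dob, $sessionEmail);
    return $stmt->execute();
}
```

The INSERT in registration.php takes the same shape: build the date with build_dob() and bind the remaining values instead of interpolating them.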
Credits
The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team.
References
Vendor page https://www.kashipara.com/
Timeline
2023-12-11 | Vulnerability discovered. |
2023-12-11 | Vendor contacted. |
2024-01-02 | Public Disclosure. |