CVE-2024-30981: SQL Injection Vulnerability in Cyber Cafe Management System Using PHP & MySQL v1.0 by Phpgurukul

Introduction: In the ever-evolving landscape of cybersecurity, the discovery and remediation of vulnerabilities play a pivotal role in safeguarding digital assets and user privacy. Today, I shed light on a critical vulnerability found in the Cyber Cafe Management System Using PHP & MySQL v1.0 developed by Phpgurukul. This vulnerability, identified as CVE-2024–30981, exposes the system to SQL Injection attacks, posing a significant risk to its users.

Overview: The vulnerability resides in the “/edit-computer-detail.php” component of the Cyber Cafe Management System (CCMS), where insufficient input validation allows attackers to execute malicious SQL queries against the underlying MySQL database. By exploiting this vulnerability, attackers can manipulate the system’s behavior, potentially accessing sensitive data or causing data loss.

CVE Identifier: CVE-2024–30981 has been assigned to this vulnerability, providing a standardized reference for tracking and addressing the issue. This identifier facilitates collaboration among cybersecurity professionals and enables affected parties to take appropriate measures to mitigate the risk.

Affected Component: The SQL Injection vulnerability affects the “editid” parameter within the “/edit-computer-detail.php” file of the Cyber Cafe Management System.

Proof of Concept: To exploit CVE-2024–30981, an attacker follows a series of steps within the CCMS application:

1. Login to the CCMS system via http://localhost/cybercafemanagementsystem/ccms/index.php.
2. Navigate to the “/manage-computer.php” page and select the “Edit Details” option for a computer. This action redirects the user to “/edit-computer-detail.php” with the “editid=” parameter.

3. In the “editid=” parameter, inject a crafted SQL payload designed to cause a delay, such as -

"' AND (SELECT 5892 FROM (SELECT(SLEEP(5)))PTZA) AND 'tGdD'='tGdD"

4. The resulting URL will resemble:

http://localhost/cybercafemanagementsystem/ccms/edit-computer-detail.php?editid=1"' AND (SELECT 5892 FROM (SELECT(SLEEP(5)))PTZA) AND 'tGdD'='tGdD"

5. The page will experience a delay of approximately 5 seconds, indicating a successful SQL Injection attack.

Note that, we have performed the Blind Time Based SQLi here for just the sake of POC. Alternatively, you can perform a proper attack to exploit the vulnerability either Manually or you can Automate the process by using tools like SQLMap.

Conclusion: CVE-2024–30981 underscores the critical importance of robust security practices in software development and deployment. By addressing vulnerabilities like SQL Injection in the Cyber Cafe Management System, we can bolster the security posture of our digital infrastructure and mitigate the risk of exploitation. Let us remain vigilant in our efforts to safeguard sensitive data and uphold the integrity of our systems.

Thank You For Reading!

By: Shanu Nirwan