[★]Unauthenticated Remote SQL Injection Vulnerability in "Search" Endpoint of Parking Management System
输入“/”快速插入内容
[★]Unauthenticated Remote SQL Injection Vulnerability in "Search" Endpoint of Parking Management System
[★]Unauthenticated Remote SQL Injection Vulnerability in "Search" Endpoint of Parking Management System
4月29日修改
Company:Shenzhen DAS INTELLITECH Co., Ltd.
Affected version: 6.2.0
Vulnerability Type: CWE-89 (SQL Injection)
Attack Vector: Network (Remote)
漏洞描述 (Description):
A critical SQL injection vulnerability exists in the ParkingRecord/Search API endpoint of the "Parking Management System." This flaw is caused by a complete lack of authentication (Unauthorized Access) combined with improper sanitization of the Value parameter within the JSON request body.
A remote, unauthenticated attacker can exploit this vulnerability by submitting a specially crafted POST request to bypass access controls and extract sensitive data, including parking logs, owner details, and administrative credentials. Furthermore, depending on the database configuration, this vulnerability could be leveraged to execute arbitrary system commands, leading to complete server compromise and a total loss of confidentiality, integrity, and availability.
Impact Score (CVSS v3.1):
•
Attack Vector (AV): Network
•
Attack Complexity (AC): Low
•
Privileges Required (PR): None
•
User Interaction (UI): None
•
Scope (S): Changed
•
Confidentiality (C): High
•
Integrity (I): High
•
Availability (A): High
[DETAILS]
The specific request packet is as follows, no authentication required:
代码块
POST /ParkingRecord/Search HTTP/1.1
Host:
Content-Length: 83
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Content-Type: application/json
Origin:
Referer:
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
{"pageIndex":1,"pageSize":15,"Filters":[{"Field":"OwnerName","Op":"=","Value":""}]}