CVE-2022-40347
Published 2023-02-17
Priority P261 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 5.35% (91.6th percentile)
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intern_record_system_project | intern_record_system | — | — |
Detection & IOCs (extracted from sources)
other-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27
- Monitor POST requests to /intern/controller.php with parameters 'phone', 'email', 'deptType', or 'name' containing SQL injection patterns such as single quotes, CHAR(), FLOOR(RAND()), ROW(), or INFORMATION_SCHEMA references.
- Detect the specific error-based SQL injection payload pattern using FLOOR(RAND(0)*2) and INFORMATION_SCHEMA.COLLATIONS GROUP BY in POST body fields targeting /intern/controller.php.
- This is an unauthenticated SQLi: no session or login is required. Alert on any POST to /intern/controller.php from unauthenticated sessions containing SQL metacharacters.
- sqlmap exploitation targets the 'department' database; alert on successful DB enumeration responses or error messages referencing this database name from the application.
- The exploit PoC uses localhost as the target host; in real deployments the vulnerable endpoint /intern/controller.php will be hosted on a different IP/domain. Detection rules should not be scoped to localhost only.
- The exploit was tested on Windows 10 Pro with PHP 8.1.6 and Apache 2.4.53; behavior on other OS/PHP/web server combinations may differ.
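One way to turn the monitoring notes above into a check over request logs, as an added example that is not code from this page or from the affected project. It assumes form-encoded POST bodies are available to the detector; the function names, the weights and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/intern/controller.php"
FIELDS = {"phone", "email", "deptType", "name"}

# Patterns named in the detection notes; the weights are an assumption.
PATTERNS = {
    "single_quote": (re.compile(r"'"), 1),
    "char_call": (re.compile(r"\bCHAR\s*\(", re.I), 2),
    "row_call": (re.compile(r"\bROW\s*\(", re.I), 2),
    "floor_rand": (re.compile(r"\bFLOOR\s*\(\s*RAND\s*\(", re.I), 3),
    "information_schema": (re.compile(r"\bINFORMATION_SCHEMA\b", re.I), 3),
}

def scan_request(method, url, body):
    """Return (field, pattern) hits for one form-encoded request."""
    if method.upper() != "POST":
        return []
    # Match on the path only, so the rule is not scoped to one host.
    if not urlsplit(url).path.lower().endswith(ENDPOINT):
        return []
    hits = []
    # parse_qsl URL-decodes each value, so %27 and '+' are normalised first.
    for field, value in parse_qsl(body, keep_blank_values=True):
        if field in FIELDS:
            hits += [(field, n) for n, (rx, _) in PATTERNS.items() if rx.search(value)]
    return hits

def severity(hits):
    """A lone quote (e.g. a surname) is low; function/schema tokens are high."""
    score = sum(PATTERNS[name][1] for _, name in hits)
    return "none" if score == 0 else ("high" if score >= 3 else "low")

# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", "http://intranet.example/intern/controller.php",
     "name=Ann+Lee&email=ann%40example.org&phone=5550100&deptType=3"),
    ("POST", "/intern/controller.php",
     "name=O%27Brien&email=ob%40example.org&phone=5550101&deptType=2"),
    ("POST", "http://10.0.0.5/intern/controller.php",
     "phone=1%27+FLOOR(RAND(0)*2)+INFORMATION_SCHEMA.COLLATIONS&name=x"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        hits = scan_request(*sample)
        print(severity(hits), sample[1], hits)
```

The second sample shows why a single-quote match alone is kept at low severity: legitimate names trigger it, while the function and schema tokens do not appear in normal form input.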
No detection rules found.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/171740/Intern-Record-System-1.0-SQL-Injection.html
- https://code-projects.org/intern-record-system-in-php-with-source-code/
- https://download-media.code-projects.org/2020/03/Intern_Record_System_In_PHP_With_Source_Code.zip
- https://github.com/h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQL-Injection-Vulnerability-Unauthenticated