CVE– – PHPGurukul Bank Locker Management System SQL Injection Vulnerability

Vulnerability Details

A critical SQL injection vulnerability exists in PHPGurukul’s Bank Locker Management System through the `mobilenumber` parameter in /edit-assign-locker.php. The application fails to properly sanitize user-supplied input, allowing attackers to execute arbitrary SQL commands.

Severity: 7.5 (MEDIUM)

Published: 2025-03-24

Affected Component: edit-assign-locker.php

Vulnerable Parameter: mobilenumber

Detection Methods

One-Liner Detection Command:

curl -s --data "mobilenumber=1' AND 1=1--" http://example.com/edit-assign-locker.php?ltid=1 | grep "specific-string-from-successful-injection"

Expected Output Interpretation:

  • Vulnerable: Output contains “specific-string-from-successful-injection”
  • Patched: No match found

You Should Know: Mitigation and Protection Steps

Immediate Mitigation Commands (Linux):

 1. Input Sanitization Patch
# Escape the regex metacharacters so sed matches the literal $_GET["mobilenumber"]
# rather than a bracket expression; this only rewrites the double-quoted form, so
# review the file afterwards and do not run it twice (the wrapper would nest)
sudo sed -i 's/\$_GET\["mobilenumber"\]/mysqli_real_escape_string($conn,$_GET["mobilenumber"])/g' /var/www/html/edit-assign-locker.php

 2. WAF Rule Implementation (ModSecurity)
echo "SecRule ARGS:mobilenumber \"@detectSQLi\" \"id:1005,phase:2,log,deny,status:403,msg:'SQL Injection Attempt'\"" | sudo tee -a /etc/modsecurity/modsecurity.conf

 3. Access Restriction
# Drops every port-80 packet carrying the script name, so the endpoint is
# unreachable for all clients until the patch is applied
sudo iptables -A INPUT -p tcp --dport 80 -m string --string "edit-assign-locker.php" --algo bm -j DROP

Database Protection Measures:

-- Create restricted database user
CREATE USER 'locker_limited'@'localhost' IDENTIFIED BY 'StrongPassword123!';
-- Grant only what the code path needs (SELECT here; pages that write locker
-- assignments also need INSERT/UPDATE on their own tables)
GRANT SELECT ON bank_locker.* TO 'locker_limited'@'localhost';
-- A freshly created account holds no grants on the mysql schema; this REVOKE
-- is only needed for an existing account that already had them
REVOKE ALL PRIVILEGES ON mysql.* FROM 'locker_limited'@'localhost';

PHP Code Fix (Manual Patch):

// Replace vulnerable code with ($conn is the page's open mysqli connection):
$mobilenumber = mysqli_real_escape_string($conn, $_GET['mobilenumber']);
$query = "SELECT * FROM locker_table WHERE mobile_number = '$mobilenumber'";
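The escaping patch above still builds the SQL string from user input. A prepared statement keeps the query structure fixed and sends the value separately, which is the parameterised-query approach recommended later on this page. The following is an added example, not PHPGurukul's code; it reuses the page's `locker_table` and `mobile_number` names, assumes `$conn` is an open mysqli connection, and the function names are its own:

```php
<?php
// Added example, not PHPGurukul's code. A prepared statement fixes the query
// structure and binds the value separately, so quotes or comment sequences in
// `mobilenumber` cannot alter the statement. Table and column names follow the
// snippet above; $conn is assumed to be an open mysqli connection and the
// function names are this example's own.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // database errors become exceptions

/**
 * Allow-list validation before the value reaches the database layer:
 * digits only, 6 to 15 characters (15 is the E.164 maximum). Returns null on failure.
 */
function validate_mobile_number(string $raw): ?string
{
    $value = trim($raw);
    return preg_match('/^[0-9]{6,15}$/', $value) === 1 ? $value : null;
}

/**
 * Look up lockers for a mobile number with a parameterised query.
 * Returns the matching rows as associative arrays.
 */
function find_lockers_by_mobile(mysqli $conn, string $mobile): array
{
    $stmt = $conn->prepare('SELECT * FROM locker_table WHERE mobile_number = ?');
    $stmt->bind_param('s', $mobile);   // bound as a string, never spliced into the SQL text
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Request handling: reject bad input early and never echo database errors to the client.
$mobile = validate_mobile_number($_GET['mobilenumber'] ?? '');
if ($mobile === null) {
    http_response_code(400);
    exit('Invalid mobile number.');
}
try {
    $lockers = find_lockers_by_mobile($conn, $mobile);
} catch (mysqli_sql_exception $e) {
    error_log('locker lookup failed: ' . $e->getMessage()); // server log only
    http_response_code(500);
    exit('Internal error.');
}
```

With the validation step in place, the `1' AND 1=1--` probe from the detection section is rejected with a 400 before any query runs, and even a value that passed validation is bound rather than interpolated.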

System Hardening Commands:

# Enable PHP security settings
sudo sed -i 's/expose_php = On/expose_php = Off/g' /etc/php/8.2/apache2/php.ini
sudo sed -i 's/display_errors = On/display_errors = Off/g' /etc/php/8.2/apache2/php.ini

# Restart Apache to apply changes
sudo systemctl restart apache2

References:

  • https://lnkd.in/enPzbvKm
  • https://phpgurukul.com/
  • https://lnkd.in/eY-md2Ns
  • https://owasp.org/www-community/attacks/SQL_Injection

What Undercode Say

This vulnerability demonstrates the critical importance of input validation in web applications. The SQL injection flaw in PHPGurukul’s Bank Locker Management System could allow attackers to compromise sensitive financial data. Beyond the immediate fixes, organizations should implement:

1. Regular security audits using tools like:

nikto -h example.com -output /var/log/nikto_scan.html
sqlmap -u "http://example.com/edit-assign-locker.php?ltid=1" --risk=3 --level=5

2. Continuous monitoring with commands like:

# -E makes | an alternation (plain grep treats the pattern literally); --line-buffered keeps the pipe live
tail -f /var/log/apache2/error.log | grep -iE --line-buffered "sql|warning|error"

3. Automated patching systems:

# --only-upgrade is an option of apt-get install, not of apt-get upgrade
apt-get update && apt-get install --only-upgrade php

4. Database activity monitoring:

CREATE TABLE security_audit_log (
id INT AUTO_INCREMENT PRIMARY KEY,
event_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
user VARCHAR(50),
action VARCHAR(255),
ip_address VARCHAR(45)
);

5. Network segmentation for sensitive systems:

# Allow only the application server (example address) to reach MySQL; rule order matters
iptables -A INPUT -p tcp --dport 3306 -s 192.168.1.100 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

Always remember: security is a process, not a one-time fix. Implement defense in depth with proper input validation, parameterized queries, and least privilege access controls.

Expected Output:

# After successful mitigation:
$ curl -s --data "mobilenumber=1' AND 1=1--" http://example.com/edit-assign-locker.php
No vulnerabilities detected. Input properly sanitized.

Reported By: Vulns Space – Hackers Feeds