CVE-2020-23685

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in 188Jianzhan v2.1.0 allows attackers to execute arbitrary SQL commands via the username parameter in login.php. Attackers can gain escalated privileges and potentially execute arbitrary code on affected systems. Anyone running 188Jianzhan v2.1.0 is vulnerable.

💻 Affected Systems

Products:
  • 188Jianzhan
Versions: v2.1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation with no special configuration required

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with remote code execution, data exfiltration, and persistent backdoor installation

🟠 Likely Case: Authentication bypass leading to unauthorized administrative access and data manipulation

🟢 If Mitigated: Failed login attempts logged with no successful exploitation due to input validation

🌐 Internet-Facing: HIGH - Login pages are typically internet-facing and accessible to attackers
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have network access

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via the login form requires no authentication, and the exploitation vector is a single crafted form field.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Check GitHub repository for updated version
2. Replace vulnerable login.php with patched version
3. Test authentication functionality

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Add parameterized queries and input validation to login.php.

Modify login.php to use prepared statements (mysqli shown): $stmt = $conn->prepare('SELECT * FROM users WHERE username = ?'); $stmt->bind_param('s', $username); $stmt->execute(); Bind every user-supplied value the same way; the password must also never be interpolated into the query string.

Web Application Firewall (applies to: all)

Deploy a WAF with SQL injection rules to block malicious requests. This reduces exposure but does not replace fixing the query itself.

🧯 If You Can't Patch

  • Isolate the 188Jianzhan instance behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit access to the vulnerable system

🔍 How to Verify

Check if Vulnerable:

Submit a SQL injection test payload in the username field of login.php (for example: ' OR '1'='1) and check whether authentication is bypassed or a database error is returned.

Check Version:

Check version in application files or configuration: grep -r 'version' /path/to/188jianzhan/

Verify Fix Applied:

Attempt SQL injection payloads and verify they are rejected or properly escaped

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL syntax in username fields
  • Multiple failed login attempts with SQL keywords
  • Successful logins from unusual IP addresses

Network Indicators:

  • HTTP POST requests to login.php containing SQL keywords
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND uri="/login.php" AND (username="*OR*" OR username="*UNION*" OR username="*SELECT*")

Note that the wildcard "*OR*" also matches legitimate usernames containing "or" (e.g. "victoria"); prefer whole-word matching where the SIEM supports it.
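The SIEM query above as a runnable filter, added here as an example and not part of this advisory or the 188Jianzhan project: it parses constructed, hypothetical combined-format log lines with the URL-encoded POST body appended, extracts the username field and flags values containing whole-word SQL keywords, quotes or comment markers, so a legitimate name such as "victoria" is not flagged just because it contains "or".

```python
import re
from urllib.parse import parse_qs

# Constructed sample log lines (hypothetical format: Apache combined log with
# the URL-encoded POST body appended in quotes). Not real traffic.
SAMPLE_LOGS = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /login.php HTTP/1.1" 200 512 "username=alice&password=hunter2"
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "POST /login.php HTTP/1.1" 200 4096 "username=%27+OR+%271%27%3D%271&password=x"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "POST /login.php HTTP/1.1" 200 4096 "username=admin%27+UNION+SELECT+1%2C2--&password=x"
203.0.113.5 - - [10/Oct/2023:13:57:12 +0000] "GET /index.php HTTP/1.1" 200 1024 "-"
198.51.100.8 - - [10/Oct/2023:13:58:00 +0000] "POST /login.php HTTP/1.1" 200 512 "username=victoria&password=pw"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "(?P<body>[^"]*)"$'
)

# SQL keywords as whole words (so "victoria" does not trip on "or"), plus a
# quote or comment marker, which the wildcard SIEM query would not catch.
SQLI_RE = re.compile(r"(\b(OR|AND|UNION|SELECT)\b)|'|--|/\*", re.IGNORECASE)


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def username_from_body(body):
    """Extract and URL-decode the username field from a form-encoded body."""
    return parse_qs(body).get("username", [""])[0]


def find_sqli_attempts(logs):
    """Return (source_ip, decoded_username) for POSTs to /login.php that look like SQLi."""
    hits = []
    for line in logs.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or rec["uri"] != "/login.php":
            continue
        username = username_from_body(rec["body"])
        if SQLI_RE.search(username):
            hits.append((rec["ip"], username))
    return hits


if __name__ == "__main__":
    for ip, username in find_sqli_attempts(SAMPLE_LOGS):
        print(f"{ip} -> {username!r}")
```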
