CVE-2024-33974
📋 TL;DR
This SQL injection vulnerability in Janobe products allows attackers to execute arbitrary SQL queries through the 'Users' parameter in '/report/printlogs.php'. Attackers can potentially retrieve all database information, including sensitive payment and user data. Only version 1.0 of affected payment modules is vulnerable.
💻 Affected Systems
- Janobe PayPal, Credit Card and Debit Card Payment modules
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to theft of all payment card data, user credentials, and sensitive transaction information, potentially resulting in financial fraud and regulatory penalties.
Likely Case
Extraction of user payment information and personal data, enabling identity theft and fraudulent transactions.
If Mitigated
Limited data exposure if proper input validation and database permissions are in place, but SQL execution still possible.
🎯 Exploit Status
SQL injection via a URL parameter requires minimal technical skill. The description indicates that no authentication is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products
Restart Required: No
Instructions:
1. Check with the Janobe vendor for updated versions.
2. Remove or disable the affected payment modules if no patch is available.
3. Implement input validation and parameterized queries.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation to reject malicious SQL characters in the Users parameter
# Example PHP validation: a character blocklist, a stopgap only and not a
# substitute for parameterized queries
$users = $_GET['Users'] ?? '';
if (preg_match('/[\'";-]/', $users)) {
    die('Invalid input');
}
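The blocklist above only strips a few characters; the stronger fix named under "Official Fix" is allowlist validation plus a parameterized query. The following added example (not code from the page or from Janobe) shows both patterns side by side in Python with an in-memory SQLite table, using the injection input the advisory's own verification step quotes. The table schema, the sample rows and the function names are constructed for illustration; the same structure maps directly onto PDO prepared statements in PHP (`$pdo->prepare()` with a bound parameter).

```python
import re
import sqlite3

# Constructed sample data for a printlogs-style report: log rows keyed by user id.
# Hypothetical schema, not the Janobe schema.
SAMPLE_ROWS = [
    (1, 1, "login"),
    (2, 2, "checkout"),
    (3, 2, "logout"),
    (4, 3, "login"),
]

# Injection input quoted in the advisory's "Check if Vulnerable" step.
INJECTION_INPUT = "1' OR '1'='1"

# Allowlist: a positive integer id and nothing else.
USERS_PARAM_RE = re.compile(r"[1-9][0-9]*")


def make_db():
    """Create the constructed in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE logs (id INTEGER PRIMARY KEY, user_id INTEGER, action TEXT)"
    )
    conn.executemany("INSERT INTO logs VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def validate_users_param(raw):
    """Allowlist check: accept only a positive integer id.

    Anything else is rejected outright, instead of trying to strip
    'dangerous' characters out of arbitrary input.
    """
    if not isinstance(raw, str) or USERS_PARAM_RE.fullmatch(raw) is None:
        raise ValueError("Users must be a positive integer id")
    return int(raw)


def fetch_logs_unsafe(conn, users):
    """Vulnerable pattern: the request parameter is spliced into the SQL text,
    so quote characters in the input change the query's structure."""
    sql = "SELECT id, user_id, action FROM logs WHERE user_id = '" + users + "'"
    return conn.execute(sql).fetchall()


def fetch_logs_safe(conn, users):
    """Hardened pattern: allowlist validation, then a parameterized query.
    The value travels as a bound parameter and is never parsed as SQL."""
    user_id = validate_users_param(users)
    sql = "SELECT id, user_id, action FROM logs WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("unsafe, injected :", len(fetch_logs_unsafe(db, INJECTION_INPUT)), "rows")
    print("safe, id 2       :", fetch_logs_safe(db, "2"))
    try:
        fetch_logs_safe(db, INJECTION_INPUT)
    except ValueError as exc:
        print("safe, injected   : rejected ->", exc)
```

With the concatenated query the injected input returns every row in the table; the parameterized version rejects it before any SQL runs and returns only the requested user's rows for a valid id.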
Access Restriction
Block external access to /report/printlogs.php via web server configuration
# Apache .htaccess (Apache 2.2 syntax; on Apache 2.4 use "Require all denied" inside the <Files> block)
<Files "printlogs.php">
    Order Deny,Allow
    Deny from all
</Files>
# Nginx
location ~ /report/printlogs\.php$ {
    deny all;
}
🧯 If You Can't Patch
- Immediately disable the affected payment modules and use alternative payment methods.
- Implement a Web Application Firewall (WAF) with SQL injection rules to block exploitation attempts.
🔍 How to Verify
Check if Vulnerable:
Test by accessing /report/printlogs.php?Users=1' OR '1'='1 and checking for SQL errors or unexpected data returns.
Check Version:
Check Janobe product documentation or admin panel for module version information.
Verify Fix Applied:
Attempt the same SQL injection test after applying the fixes; the request should be rejected or return no sensitive data.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in web server logs
- Multiple requests to /report/printlogs.php with SQL keywords in parameters
Network Indicators:
- HTTP requests containing SQL injection patterns in query strings
- Unusual database query patterns from web server
SIEM Query:
source="web_logs" AND uri_path="/report/printlogs.php" AND (query_string="*' OR*" OR query_string="*' UNION*" OR query_string="*' SELECT*")
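The SIEM query above expresses the detection in search syntax; the following added example (not from the page or from any vendor) implements the same logic as a standalone log scanner in Python, so the indicators can be checked against raw web server access logs where no SIEM is in place. The log lines are constructed samples in Apache combined-log style, and the regular expressions, function names and IP addresses are assumptions for illustration. It goes slightly beyond the query by URL-decoding the query string first, since injection attempts usually arrive percent-encoded, and by tallying hits per source address to surface the "multiple requests" indicator.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Constructed Apache-style access log lines (not real traffic). Line 2 and
# line 4 carry injection patterns against the vulnerable path; line 3 carries
# one against a different path and should not match.
SAMPLE_LOG = """\
203.0.113.10 - - [10/May/2024:12:00:01 +0000] "GET /report/printlogs.php?Users=42 HTTP/1.1" 200 1834
203.0.113.10 - - [10/May/2024:12:00:05 +0000] "GET /report/printlogs.php?Users=1%27+OR+%271%27%3D%271 HTTP/1.1" 200 98211
198.51.100.7 - - [10/May/2024:12:01:10 +0000] "GET /index.php?page=1%27+UNION+SELECT HTTP/1.1" 404 512
203.0.113.10 - - [10/May/2024:12:02:33 +0000] "GET /report/printlogs.php?Users=1%27+UNION+SELECT+1%2C2 HTTP/1.1" 500 421
"""

# Minimal combined-log parser: source IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The vulnerable endpoint named in the advisory.
TARGET_PATH = "/report/printlogs.php"

# Same three patterns as the SIEM query (' OR, ' UNION, ' SELECT), matched
# case-insensitively on the decoded query string.
SQLI_RE = re.compile(r"'\s*(?:or|union|select)\b", re.IGNORECASE)


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "path": parts.path,
        # Decode %27 / + so that "1%27+OR+..." is seen as "1' OR ...".
        "query": unquote_plus(parts.query),
        "status": int(m.group("status")),
    }


def is_suspicious(record):
    """True when the request targets the vulnerable path and its decoded
    query string contains one of the injection patterns."""
    return record["path"] == TARGET_PATH and SQLI_RE.search(record["query"]) is not None


def scan(log_text):
    """Return the parsed records that match the detection rule, in log order."""
    hits = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record and is_suspicious(record):
            hits.append(record)
    return hits


def hits_by_ip(hits):
    """Count matching requests per source address (the 'multiple requests' indicator)."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} status={h["status"]} query={h["query"]!r}')
    print("per source:", dict(hits_by_ip(found)))
```

A 500 status on a hit, as in the last sample line, corresponds to the "unusual SQL error messages" indicator and is worth weighting higher than a 200 when triaging.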