CVE-2024-50989
📋 TL;DR
This SQL injection vulnerability in PHPGurukul Online Marriage Registration System v1.0 allows unauthenticated attackers to execute arbitrary SQL commands via the 'searchdata' parameter in /omrs/admin/search.php. It affects all deployments of this software version, potentially compromising database integrity and confidentiality.
💻 Affected Systems
- PHPGurukul Online Marriage Registration System
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, manipulation, or deletion, and potential remote code execution if database privileges allow.
Likely Case
Unauthorized access to sensitive marriage registration data, including personal information, with possible data exfiltration or tampering.
If Mitigated
Limited impact if input validation and parameterized queries are enforced, though the vulnerability remains exploitable without patching.
🎯 Exploit Status
Exploitation is straightforward with publicly available proof-of-concept details; attackers can craft simple SQL payloads to inject via the searchdata parameter.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch is available; implement workarounds such as input validation and use parameterized queries in the search.php file.
🔧 Temporary Workarounds
Implement Input Validation and Sanitization
Add server-side validation to sanitize the 'searchdata' parameter, rejecting malicious SQL characters.
Edit /omrs/admin/search.php to include input filtering, e.g., using mysqli_real_escape_string() or prepared statements.
Use Web Application Firewall (WAF)
Deploy a WAF to block SQL injection attempts targeting the vulnerable endpoint.
Configure WAF rules to detect and block patterns like ' OR '1'='1' in the searchdata parameter.
🧯 If You Can't Patch
- Restrict access to /omrs/admin/search.php using network controls or authentication mechanisms.
- Monitor and log all access to the vulnerable endpoint for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Test by sending a crafted SQL payload (e.g., ' OR '1'='1) to the searchdata parameter in a POST request to /omrs/admin/search.php and observe if it alters database behavior.
Check Version:
Check the software version in the system's documentation or configuration files; no standard command is provided by the vendor.
Verify Fix Applied:
After applying workarounds, retest with the same payload; it should be rejected or sanitized without executing SQL commands.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in application logs, especially those containing 'searchdata' with SQL keywords like UNION, SELECT, or OR.
Network Indicators:
- HTTP POST requests to /omrs/admin/search.php with suspicious parameters indicative of SQL injection attempts.
SIEM Query:
source="web_logs" AND uri="/omrs/admin/search.php" AND (param="searchdata" AND value MATCHES "(?i)(union|select|or|')")
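Added example (not part of the original advisory or the vendor's code): the same endpoint and parameter match as the SIEM query, written as a Python filter that URL-decodes the value first and uses word-bounded rules, since a bare `or` alternative also matches ordinary search terms such as "Gordon". The log layout (time, source, method, URI, request body) and the sample records are constructed assumptions; POST bodies appear in logs only where body logging is enabled.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/omrs/admin/search.php"  # endpoint named in the advisory
PARAM = "searchdata"                 # parameter named in the advisory

# Word-bounded rules: a bare "or" alternative also matches names like "Gordon".
RULES = [
    ("quote_then_or", re.compile(r"'\s*or\b", re.I)),
    ("sql_keyword", re.compile(r"\b(union|select)\b", re.I)),
]

# Constructed sample records (assumed layout: time, source, method, URI, body).
SAMPLE_LOG = [
    "2024-11-02T09:14:07Z 198.51.100.7 POST /omrs/admin/search.php searchdata=Gordon",
    "2024-11-02T09:15:31Z 198.51.100.7 POST /omrs/admin/search.php searchdata=O%27Connor",
    "2024-11-02T09:20:45Z 203.0.113.44 POST /omrs/admin/search.php searchdata=%27+OR+%271%27%3D%271",
    "2024-11-02T09:21:02Z 203.0.113.44 POST /omrs/admin/search.php searchdata=x%27+union+select+1",
    "2024-11-02T09:22:10Z 203.0.113.44 GET /omrs/admin/search.php -",
]


def suspicious_hits(lines):
    """Return (time, source, decoded value, matched rule names) per flagged request."""
    hits = []
    for line in lines:
        parts = line.split(" ", 4)
        if len(parts) != 5:
            continue  # skip records that do not follow the assumed layout
        ts, src, method, uri, body = parts
        if method != "POST" or uri.split("?", 1)[0] != ENDPOINT:
            continue
        # parse_qs percent-decodes the value, so encoded quotes are matched too.
        for value in parse_qs(body, keep_blank_values=True).get(PARAM, []):
            matched = [name for name, rx in RULES if rx.search(value)]
            if matched:
                hits.append((ts, src, value, matched))
    return hits


if __name__ == "__main__":
    for hit in suspicious_hits(SAMPLE_LOG):
        print(hit)
```
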