Zechat SQL Injection Vulnerability in Hashtag Parameter

A SQL injection vulnerability has been identified in Zechat version 1.5, specifically within the hashtag parameter. This vulnerability allows unauthenticated attackers to extract database information using union-based SQL injection techniques. By exploiting the hashtag parameter with carefully crafted payloads, attackers can retrieve table and column names from the database.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries to extract, modify, or delete database information. In this case, the vulnerability was exploited to perform union-based SQL injection, which involves combining the results of the original query with data from other database tables.

Reproduction

The vulnerability can be reproduced by sending a request to the chat/hashtag endpoint with a union-based SQL injection payload in the hashtag parameter. This payload can be crafted to extract database information, such as table and column names, by exploiting the application's SQL query handling. Additionally, the vulnerability can be exploited through cross-site request forgery (CSRF) by using the hashtag parameter to bypass CSRF protection and change user information.