eLection SQL Injection Vulnerability Leading to Remote Code Execution
Vulnerability
A SQL injection vulnerability has been identified in eLection version 2.0, specifically within the candidate management endpoint. This vulnerability allows authenticated attackers to manipulate database queries by exploiting the 'id' parameter. The issue can be leveraged using SQLMap, potentially leading to remote code execution by uploading backdoor files to the web application directory.
Impact
An authenticated attacker can inject SQL through this endpoint, and the injection can lead to remote code execution by uploading backdoor files to the web application directory.
Reproduction
To reproduce this vulnerability, log into the admin portal and navigate to the candidates section. Capture the request using BurpSuite and save it to a file. The request should be a POST request to '/election/admin/ajax/op_kandidat.php' with the 'id' parameter included. Once the request is captured, it can be sent to SQLMap with the appropriate parameters to exploit the SQL injection vulnerability. SQLMap will confirm the injection and can be used to upload a backdoor file to the web application directory.
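A hardened way to handle the 'id' parameter described above, as an added example that is not eLection's own code: the value is accepted only as a positive integer and is bound to a prepared statement, never concatenated into the query. The use of MySQL through mysqli, the `candidates` table and its columns, the `election_app` account and the JSON responses are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened lookup for a candidate-management
// handler. Schema, account name and response shape are assumptions.
declare(strict_types=1);

// Make mysqli throw on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Return the candidate id as a positive integer, or null when the raw
 * request value is anything other than a short run of decimal digits.
 */
function parse_candidate_id(mixed $raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/**
 * Fetch one candidate row with a bound parameter, so the id is sent to
 * the server as data and never becomes part of the SQL text.
 */
function fetch_candidate(mysqli $db, int $id): ?array
{
    // Hypothetical table and column names.
    $stmt = $db->prepare('SELECT id, name FROM candidates WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

$id = parse_candidate_id($_POST['id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit(json_encode(['error' => 'invalid id']));
}

// Placeholder credentials. The application account should not hold the
// MySQL FILE privilege, which server-side file writes depend on.
$db = new mysqli('localhost', 'election_app', 'CHANGE_ME', 'election');
header('Content-Type: application/json');
echo json_encode(fetch_candidate($db, $id) ?? ['error' => 'not found']);
```

Rejecting non-numeric input before the query runs also gives a clean signal to log: a 400 from this endpoint for an authenticated session is worth alerting on.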
