Senayan Library Management System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Senayan Library Management System (SLIMS) version 9.0.0. The issue resides in the 'class' parameter, where attackers can inject malicious SQL queries. Exploitation of this vulnerability allows for manipulation of database queries, potentially leading to the extraction of sensitive information.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a crafted payload through the 'class' parameter in a GET request. The injected payload can manipulate the SQL query processing, taking advantage of boolean-based blind SQL injection techniques. For example, a payload could be crafted to, in a boolean-based blind SQL injection, extract data by exploiting the application's SQL query handling.