iPynch Social Network Website SQL Injection Vulnerability in Search Component
Vulnerability
A SQL injection vulnerability has been identified in the iPynch Social Network Website, specifically in versions prior to b6933b6d7f82c84819abe458ccf0e59d61119541. The issue arises from an unknown function within the Search component, where improper input handling allows for SQL injection attacks to be executed remotely. This vulnerability has been publicly disclosed and is actively exploitable.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to access or modify database information. In this case, the injection can be used to retrieve data about all users in the database.
Reproduction
To reproduce this vulnerability, download the iPynch Social Network Website project and modify the database configuration to connect to a database with test data. After logging in, go to the homepage and use the search function. Enter a payload that exploits the SQL injection vulnerability, such as ' OR '1'='1'. This will bypass normal search functionality and return information about all users in the database.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.