AMTT Hotel Broadband Operation System SQL Injection Vulnerability in get_firstdate.php

Vulnerability

A SQL injection vulnerability has been identified in AMTT Hotel Broadband Operation System version 1.0. The issue arises in the file '/user/portal/get_firstdate.php', where the 'uid' parameter can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, potentially allowing attackers to gain server privileges.

Impact

Exploiting this vulnerability lets an attacker manipulate database queries, potentially leading to unauthorized data access or modification. According to the vulnerability's GitHub advisory, this SQL injection could be exploited to gain server privileges.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP GET request to '/user/portal/get_firstdate.php' with a payload that injects SQL code through the 'uid' parameter. This can be done using a tool like Burp Suite or by manually crafting the request with the injected SQL payload. The injection can be verified by attempting to extract database information, such as the current database name, which can be retrieved by injecting specific SQL commands that are executed by the database server.
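From the defender's side, requests of the kind described above leave a trace in web server access logs. The following is an added example, not code from the advisory or the vendor: it scans combined-format log lines for requests to '/user/portal/get_firstdate.php' whose 'uid' value fails an allow-list. The allow-list pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the advisory.
VULN_PATH = "/user/portal/get_firstdate.php"
PARAM = "uid"

# Assumption: legitimate uid values are short alphanumeric identifiers; adjust per deployment.
SAFE_UID = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_uid(log_line):
    """Return the decoded uid if it fails the allow-list on the advisory's endpoint, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Decode the path so percent-encoded spellings of the file name still match.
    if unquote(url.path).lower() != VULN_PATH:
        return None
    # parse_qs percent-decodes values; keep_blank_values so an empty "uid=" is seen.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    for v in values:
        if not SAFE_UID.fullmatch(v):
            return v
    return None

def scan(lines):
    """Return (client_ip, uid_value) for every flagged log line."""
    hits = []
    for line in lines:
        bad = suspicious_uid(line)
        if bad is not None:
            hits.append((line.split(" ", 1)[0], bad))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '192.0.2.10 - - [13/Nov/2025:19:00:01 +0000] "GET /user/portal/get_firstdate.php?uid=1024 HTTP/1.1" 200 31',
    '198.51.100.7 - - [13/Nov/2025:19:00:05 +0000] "GET /user/portal/get_firstdate.php?uid=1%27 HTTP/1.1" 200 31',
    '198.51.100.7 - - [13/Nov/2025:19:00:09 +0000] "GET /user/portal/index.php?uid=1%27 HTTP/1.1" 200 512',
    '203.0.113.4 - - [13/Nov/2025:19:00:12 +0000] "GET /user/portal/get_firstdate.php?uid=77&uid=7%3B-- HTTP/1.1" 200 31',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE):
        print(f"{ip} sent uid={value!r}")
```

The check inspects every repeated 'uid' value, so a request that pairs a clean value with a second, malformed one is still flagged.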

Added: Nov 13, 2025, 7:24 PM
Updated: Nov 13, 2025, 7:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.