Chaitak-Gorai Blogbook SQL Injection Vulnerability in Post Deletion Functionality
Vulnerability
A critical SQL injection vulnerability has been identified in Chaitak-Gorai Blogbook versions up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. The issue is in the file '/admin/view_all_posts.php', specifically within the GET parameter handler. It is triggered by manipulating the 'post_id' argument and can be exploited remotely. When the 'delete' parameter is used, the application executes SQL DELETE queries built from unsanitized input against both the posts and comments tables. Exploitation could delete all entries in these tables, causing significant data loss and integrity issues.
Impact
Exploitation of this vulnerability allows arbitrary SQL injection, letting an attacker manipulate the database queries the application runs. In this case, it could lead to unauthorized deletion of posts and comments, causing severe data loss and integrity problems.
Reproduction
To reproduce this vulnerability, send a GET request to '/admin/posts.php' with the 'delete' parameter set to a crafted SQL injection payload that evaluates to true, such as '1 OR 1=1'. This will bypass the normal deletion process and trigger the deletion of all posts and comments associated with the injected condition.
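The following added example (not Blogbook's own code) puts the concatenated DELETE pattern described above beside a hardened handler that validates the ID as an integer and binds it in prepared statements. The table and column names, the function names, and the use of PDO with an in-memory SQLite database (requires the pdo_sqlite extension) are assumptions made so the example runs offline.

```php
<?php
// Added example: schema and function names are assumptions, not Blogbook's own.
// SQLite in memory stands in for the application's database.
function seed(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (post_id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec('CREATE TABLE comments (comment_id INTEGER PRIMARY KEY, comment_post_id INTEGER)');
    $db->exec("INSERT INTO posts VALUES (1,'a'),(2,'b'),(3,'c')");   // constructed rows
    $db->exec('INSERT INTO comments VALUES (1,1),(2,2),(3,3)');
    return $db;
}

function remaining(PDO $db): array {
    return [(int) $db->query('SELECT COUNT(*) FROM posts')->fetchColumn(),
            (int) $db->query('SELECT COUNT(*) FROM comments')->fetchColumn()];
}

// Pattern the advisory describes: the request value is concatenated into both DELETEs.
function delete_post_vulnerable(PDO $db, string $id): void {
    $db->exec("DELETE FROM posts WHERE post_id = $id");
    $db->exec("DELETE FROM comments WHERE comment_post_id = $id");
}

// Hardened: accept only a positive integer, bind it, and delete both tables atomically.
function delete_post_safe(PDO $db, string $id): bool {
    $postId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($postId === false) {
        return false;               // reject instead of passing text to the database
    }
    $db->beginTransaction();
    try {
        foreach (['DELETE FROM comments WHERE comment_post_id = ?',
                  'DELETE FROM posts WHERE post_id = ?'] as $sql) {
            $db->prepare($sql)->execute([$postId]);
        }
        $db->commit();
        return true;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

$payload = '1 OR 1=1';              // value quoted in the Reproduction section
$db = seed(); delete_post_vulnerable($db, $payload);
echo 'vulnerable: ', json_encode(remaining($db)), PHP_EOL;
$db = seed(); $ok = delete_post_safe($db, $payload);
echo 'hardened:   ', json_encode(remaining($db)), ' accepted=', var_export($ok, true), PHP_EOL;
```

Running the script prints the row counts left in each table after each handler processes the same value, which makes the difference between string concatenation and bound parameters directly observable.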
