AssamLook CMS SQL Injection Vulnerability in view_tender.php
Vulnerability
A critical blind SQL injection vulnerability has been identified in AssamLook CMS version 1.0. The issue arises in the file view_tender.php, where the id parameter can be manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely, and details of the exploit have been made public.
Impact
Exploitation of this vulnerability allows for blind SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
The vulnerability can be reproduced by sending a crafted request to view_tender.php with an injected SQL payload in the id parameter. This can be done using a web browser or a tool like Burp Suite. The injection can be tested by appending a single quote followed by a SQL injection payload, such as ' and 1=1-- to bypass SQL query conditions.
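As an added illustration that is not AssamLook CMS source (the page does not reproduce the project's actual view_tender.php), the snippet below contrasts the pattern that produces this bug, an `id` value concatenated straight into the query, with a hardened handler that validates the parameter and binds it as an integer. The table name `tender`, the column `id`, and the `$conn` mysqli connection are assumptions.

```php
<?php
// Added example, not AssamLook CMS code. Table/column names are assumed;
// $conn is a mysqli connection opened elsewhere (mysqlnd needed for get_result).

// VULNERABLE PATTERN: the raw request value becomes part of the SQL text, so a
// value like "1' and 1=1-- " rewrites the WHERE clause. In the blind variant
// the attacker learns nothing from error text, only from whether a row renders,
// which is why the input must never be able to change the query's structure.
function viewTenderVulnerable(mysqli $conn, string $id): ?array
{
    $sql = "SELECT * FROM tender WHERE id = '" . $id . "'";
    $result = $conn->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// HARDENED PATTERN: reject anything that is not a positive integer before it
// reaches the database, then bind the value as a parameter. The query text is
// fixed at prepare time, so the input can only ever be treated as data.
function viewTenderSafe(mysqli $conn, string $id): ?array
{
    $validated = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($validated === false) {
        http_response_code(400);   // malformed id: refuse rather than query
        return null;
    }
    $stmt = $conn->prepare("SELECT * FROM tender WHERE id = ?");
    $stmt->bind_param('i', $validated);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Usage in the page handler:
// $tender = viewTenderSafe($conn, $_GET['id'] ?? '');
```

The integer check alone is enough to block the payload quoted above, but the prepared statement is what removes the bug class; keep both so a later change to a non-numeric key does not reintroduce it.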