A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument M_pwd leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-249390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Shipping 100 Fahuo100 versions up to 1.1 are vulnerable to a critical SQL injection vulnerability. Successful exploitation allows attackers to compromise the application's database, potentially leading to data breaches, unauthorized access, and system takeover. The vendor has not responded to the vulnerability disclosure, increasing the risk of exploitation.
Step 1: Payload Delivery: The attacker crafts a malicious payload containing SQL code designed to manipulate the database query. This payload is specifically crafted to exploit the vulnerability in the M_pwd parameter within the member/login.php file.
Step 2: Request Submission: The attacker submits the crafted payload through a web request, typically a POST request, to the vulnerable login.php script. The payload is included as the value of the M_pwd parameter.
Step 3: Query Execution: The application receives the request and, due to the lack of proper input validation, directly incorporates the attacker's malicious payload into an SQL query. The application attempts to authenticate the user using the provided credentials, including the injected SQL code.
Step 4: Database Manipulation: The database server executes the modified SQL query, which now includes the attacker's malicious code. This code can perform various actions, such as retrieving sensitive data (usernames, passwords, etc.), modifying existing data, creating new accounts, or even executing arbitrary commands on the database server.
Step 5: Data Exfiltration/System Compromise: Depending on the attacker's payload, the attacker can extract sensitive information, gain unauthorized access to the application, or potentially achieve full system compromise.
The vulnerability lies within the member/login.php file, specifically in how the M_pwd parameter is handled. The application likely fails to properly sanitize or validate user-supplied input before incorporating it into an SQL query. This lack of input validation allows an attacker to inject malicious SQL code through the M_pwd parameter. The high complexity and difficult exploitability likely stem from factors such as the need to bypass input filters, the specific database system used, and the application's overall security posture. The root cause is a missing or inadequate input validation mechanism, combined with the direct use of user-controlled data in SQL query construction (e.g., using string concatenation instead of parameterized queries). This allows for SQL injection attacks.