CVE-2024-36597 SQL Injection review
Hi everyone, I was looking into different CVEs, and one caught my eye: it has a very high CVSS rating and was very easy to exploit. The issue I’m talking about is a SQL Injection in Aegon Life version 1.0 where a user with normal user rights can access all data from the database.
So I built a machine where I could do my testing and see for myself the results of this vulnerability.
I am running XAMPP on Linux, and from my other machine, which is Kali Linux, I had access as I am running it inside my network.
From the screenshot provided, I was in front of a login page. When building the machine, the database will provide loads of dummy data, meaning when I imported the vulnerable version.
When logging in, I was redirected to clientHome.php page, which shows the profile of my user. As I was reading the exploitation part, I noticed my user has the lowest rights, which is perfect to show the vulnerability.
So, my user has the lowest rights and I can continue from there. The vulnerable parameter is client_id.
As an admin, I did have access to client status for each user, but here I didn’t. So I decided to only modify my request a little bit and see the results.
The payload is the following: client_id=1511986023%27%20OR%201=1%20--%20a
And there we go! Very easy to exploit, and the CVSS score is very high. This will always improve skills as building the machines and installing specific technologies will improve the overall understanding of technology, and afterwards the specific cybersecurity vulnerabilities.
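Why that payload returns every row, and why a bound parameter stops it, shown as an added example (not code from Aegon Life or from this post). The `client` table, its columns, the sample rows and the function names are assumptions constructed for the demo, and SQLite stands in for the application's database.

```python
import sqlite3
from urllib.parse import unquote

# The payload from the post, URL-decoded the way the web server would do it.
PAYLOAD = unquote("1511986023%27%20OR%201=1%20--%20a")

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE client (client_id TEXT PRIMARY KEY, name TEXT, status TEXT)")
    db.executemany(
        "INSERT INTO client VALUES (?, ?, ?)",
        [("1511986023", "alice", "active"),
         ("1511986024", "bob", "pending"),
         ("1511986025", "carol", "active")],
    )
    return db

def build_concatenated_sql(client_id):
    # Vulnerable pattern: the request parameter becomes part of the SQL text.
    return ("SELECT client_id, name, status FROM client "
            "WHERE client_id='" + client_id + "'")

def lookup_concatenated(db, client_id):
    return db.execute(build_concatenated_sql(client_id)).fetchall()

def lookup_parameterized(db, client_id):
    # Hardened pattern: the value is bound as data and never parsed as SQL,
    # so the quote, OR and comment marker are just characters in a string.
    return db.execute(
        "SELECT client_id, name, status FROM client WHERE client_id = ?",
        (client_id,),
    ).fetchall()

def demo():
    db = make_db()
    print("decoded parameter :", PAYLOAD)
    print("resulting SQL     :", build_concatenated_sql(PAYLOAD))
    print("concatenated rows :", len(lookup_concatenated(db, PAYLOAD)))
    print("parameterized rows:", len(lookup_parameterized(db, PAYLOAD)))

if __name__ == "__main__":
    demo()
```

With concatenation, the injected quote closes the string literal, `OR 1=1` makes the WHERE clause true for every row, and `-- a` comments out the trailing quote. With the bound parameter, the same input matches no client_id and returns nothing.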
Thank you for your time!