Mallbuilder Admin Message Delbox did SQL Injection Scanner

Detects 'SQL Injection (SQLi)' vulnerability in Mallbuilder Mall System. Uses a time-based technique on /message/admin_message_list_delbox via the "did" parameter to detect exploitable database delays.

Short Info

Level: High

Single Scan: Single Scan

Can be used by: Asset Owner

Estimated Time: 10 seconds

Time Interval: 3 days 21 hours

Scan only one: URL

Mallbuilder is a widely utilized multi-user online shopping mall solution based on PHP and MySQL. It enables enterprises to swiftly set up powerful e-commerce platforms similar to major online stores like Jingdong, Tmall, and No.1 Store Mall. The system is favored by businesses for its flexibility and scalability in creating localized and vertical multi-user shopping malls. Mallbuilder is typically employed by enterprises aiming to establish a comprehensive e-commerce presence. It has gained popularity for its robust features that support various commerce activities.

SQL Injection (SQLi) is a critical vulnerability that can occur in the Mallbuilder system, in which user-supplied input can compromise the backend SQL database. This vulnerability allows malicious actors to manipulate SQL queries through unvalidated input, potentially accessing or altering sensitive data. SQL Injection can lead to unauthorized data retrieval, modification, and potential data loss. Exploitation occurs when unsanitized inputs from user requests are appended directly into SQL commands.

The SQL Injection vulnerability in Mallbuilder manifests in the "did" parameter of the admin_message_list_delbox function. Attackers can craft a malicious URL or request by injecting SQL commands into the "did" parameter, thereby compromising the system's data integrity. The endpoint is vulnerable to such attacks due to inadequate input validation and a lack of parameterized queries. By exploiting this vulnerability, an attacker can execute arbitrary SQL queries, potentially leading to serious security breaches.

Should malicious actors exploit this SQL Injection vulnerability, it could result in unauthorized access to sensitive user data, modification or deletion of critical information, and potential control over the database server. The consequences might include data loss, operational disruption, and significant security compromises that could damage the reputation and functionality of the online mall. The leakage of sensitive data such as user credentials can further lead to identity theft and other malicious activities.
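For asset owners who want to check their own logs for activity against this endpoint, the following is an added example (not S4E's scanner or Mallbuilder code) that flags requests to /message/admin_message_list_delbox whose "did" value is not a plain integer list, and raises the severity when the response was also delayed. The log layout, the query-string location of "did", the integer-list shape and the 3-second threshold are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/message/admin_message_list_delbox"  # path named on the page
PARAM = "did"                                    # parameter named on the page
SLOW_SECONDS = 3.0                               # assumed threshold for a "delayed" response
ID_LIST = re.compile(r"\d+(,\d+)*")              # assumed legitimate shape: integer id(s)

# Assumed log layout: ip "METHOD url PROTO" status request_time_seconds
LINE = re.compile(
    r'(?P<ip>\S+) "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3}) (?P<rt>\d+\.\d+)'
)

# Constructed sample lines, not taken from any real system.
SAMPLE_LOG = """\
198.51.100.7 "GET /message/admin_message_list_delbox?did=12 HTTP/1.1" 200 0.041
198.51.100.7 "GET /message/admin_message_list_delbox?did=12,13 HTTP/1.1" 200 0.052
203.0.113.9 "GET /message/admin_message_list_delbox?did=12%20non-numeric-suffix HTTP/1.1" 200 5.113
203.0.113.9 "GET /message/admin_message_list_delbox?did=12%27 HTTP/1.1" 500 0.030
192.0.2.4 "GET /index.php?did=abc HTTP/1.1" 200 0.020
not a log line
"""

def review(log_text):
    """Return one finding per request whose `did` is not an integer list."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash
        url = urlsplit(m["url"])
        if url.path.rstrip("/") != ENDPOINT:
            continue
        # parse_qs percent-decodes, so encoded input is judged in decoded form
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        bad = [v for v in values if not ID_LIST.fullmatch(v)]
        if not bad:
            continue
        # A malformed value plus a slow response matches the time-based pattern
        slow = float(m["rt"]) >= SLOW_SECONDS
        findings.append({"line": n, "ip": m["ip"], "value": bad[0],
                         "severity": "high" if slow else "review"})
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The same integer-list check, applied server-side before the value reaches a parameterized query, addresses the input validation gap described above.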
