إرسال #42879: SOURCECODESTER Garage Management System(authenticated) removeUser.php & createUser.php boolean-based or time-based blind sql injectionالمعلومات

عنوانSOURCECODESTER Garage Management System(authenticated) removeUser.php & createUser.php boolean-based or time-based blind sql injection
الوصف1. injetct point 1 <removeUser.php> line12, code as belowe: $userid = $_GET['id']; if($userid) { $sql = "DELETE FROM users WHERE user_id = {$userid}"; if($connect->query($sql) === TRUE) { $valid['success'] = true; $valid['messages'] = "Successfully Removed"; header('location:../Users.php'); } else { $valid['success'] = false; $valid['messages'] = "Error while remove the user"; } find it directly use the use's input "id" value as part of the SQL. to verify this issue, use sqlmap by cmd like this: # python .\sqlmap.py -u http://127.0.0.1/php_action/removeUser.php?id=4 -p id --dbs --cookie="you cookie" 2. injetct point 2 <createUser.php> if($_POST) { $userName = $_POST['userName']; $upassword = md5($_POST['upassword']); $uemail = $_POST['uemail']; $sql = "INSERT INTO users (username, password,email) VALUES ('$userName', '$upassword' , '$uemail')"; //echo $sql;exit; if($connect->query($sql) === TRUE) { $valid['success'] = true; $valid['messages'] = "Successfully Added"; header('location:fetchUser.php'); } else { $valid['success'] = false; $valid['messages'] = "Error while adding the members"; } // /else } // if in_array $connect->close(); similar as inject point 1, it uses the uses' input "userName"/"uemail" as part of the final SQL.
المصدر⚠️ https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html
المستخدم
 skydiver (UID 30676)
ارسال05/08/2022 09:49 AM (4 سنوات منذ)
الاعتدال05/08/2022 12:32 PM (3 hours later)
الحالةتمت الموافقة
إدخال VulDB205655 [SourceCodester Garage Management System removeUser.php معرف حقن SQL]
النقاط20

Do you need the next level of professionalism?

Upgrade your account now!