| タイトル | Online bookstore system CMS has file upload and SQL injection vulnerabilities |
|---|
| 説明 | There are file upload and SQL injection vulnerabilities in CMS of online bookstore system. Without checking the suffix of the file when uploading the image, the attacker can upload arbitrary files, including webshell, which poses a threat to the security of the website.
Vulnerability file location: / Admin_ add.php
look at this source code
```
if(isset($_FILES['image']) && $_ FILES['image']['name'] != ""){
$image = $_ FILES['image']['name'];
```
Here, we only judge whether the uploaded file exists, and do not check the suffix of the file. We can directly upload webshell. The operation process is as follows:
https://s1.ax1x.com/2022/08/10/v1zeBV.png
https://s1.ax1x.com/2022/08/10/v1zZn0.png
https://s1.ax1x.com/2022/08/10/v1zm7T.png
When querying books, the query content input by the user is not checked. The input content is controllable by the user, and the user can construct malicious statements to attack the website.
Vulnerability file location: / book.php
look at this source code
```
$query = "SELECT * FROM books WHERE book_isbn = '$book_isbn'";
```
There is no $book_ ISBN, where malicious data can be constructed to attack the website database. The construction statement is as follows
```
book. php? bookisbn=0' union select 1,2,database(),4,@@basedir,6,7,8 --+
```
https://s1.ax1x.com/2022/08/10/v3peFU.png
Source link
https://www.sourcecodester.com/php/15423/simple-online-book-store-system-php-free-source-code.html |
|---|
| ソース | ⚠️ https://www.sourcecodester.com/php/15423/simple-online-book-store-system-php-free-source-code.html |
|---|
| ユーザー | qidian (UID 30810) |
|---|
| 送信 | 2022年08月10日 04:40 (4 年 ago) |
|---|
| モデレーション | 2022年08月10日 07:27 (3 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 206014 [SourceCodester Simple Online Book Store System Admin_add.php 特権昇格] |
|---|
| ポイント | 20 |
|---|