Submission #43540: There are file upload and SQL injection vulnerabilities in the zoo management system (Information)

Title: There are file upload and SQL injection vulnerabilities in the zoo management system
Description: There are file upload and SQL injection vulnerabilities in the zoo management system. When querying the animal species, the query content input by the user is not checked. The input content is controllable by the user. The user can construct a malicious payload to attack the website.

Vulnerability file location: /pages/animals.php. Look at this source code:

```
$classId=$_GET['class_id'];
```

$class_id is not checked here, so malicious data can be constructed to attack the website database. The constructed statement is as follows:

```
?class_id=0' union select 1,database(),group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.tables where table_schema='zoomanagement'--+
```

https://s1.ax1x.com/2022/08/12/vJ4zHH.png

Vulnerability file location: /pages/apply_vacancy.php. Look at this source code:

```
$fileName = pathinfo($_FILES['cv']['name'])['filename'];
$newFileName = $fileName . '_' . time();
$extension = pathinfo($_FILES['cv']['name'])['extension'];
$fullName = $newFileName . '.' . $extension;
```

The type of the uploaded file is not checked here. Although the file name has been changed, the attacker can still brute-force the name of the uploaded file from its predictable pattern, resulting in arbitrary file upload and a serious threat.

https://s1.ax1x.com/2022/08/12/vJ5pEd.png

Source link: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.html
Source: ⚠️ https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.html
User: qidian (UID 30810)
Submitted: 2022-08-12 09:34 (4 years ago)
Moderation: 2022-08-12 12:59 (3 hours later)
Status: Accepted
VulDB Entry: 206249 [SourceCodester Zoo Management System /pages/animals.php class_id SQL Injection]
Points: 20
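The two defects the submission describes (an unvalidated `class_id` concatenated into SQL, and a CV upload whose extension is never checked and whose stored name is derived from `time()`) can be closed with the hardened handlers below. This is an added example, not code from the Zoo Management System; the `animals` table name, the exact query, the `$pdo` connection and the upload directory are assumptions.

```php
<?php
// Added hardening example (not the project's code). The table name, the
// SELECT statement and the $pdo connection are assumptions.

// Replacement for the animals.php lookup: class_id must be a plain integer
// and is bound as a parameter, so user input can never change the SQL.
function fetchAnimalsByClass(PDO $pdo, $rawClassId): array
{
    // FILTER_VALIDATE_INT rejects anything that is not a bare integer,
    // e.g. a value carrying a quote and a UNION clause.
    $classId = filter_var($rawClassId, FILTER_VALIDATE_INT);
    if ($classId === false || $classId < 0) {
        http_response_code(400);
        return [];
    }
    $stmt = $pdo->prepare('SELECT * FROM animals WHERE class_id = :class_id');
    $stmt->bindValue(':class_id', $classId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Replacement for the apply_vacancy.php upload: allowlist the extension,
// verify the real MIME type, and use a random name so the stored path
// cannot be guessed from the upload timestamp. Keep $uploadDir outside
// the web root so nothing stored there is ever executed.
function storeCv(array $file, string $uploadDir): ?string
{
    $allowed = [
        'pdf'  => 'application/pdf',
        'doc'  => 'application/msword',
        'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
    ];
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$extension])) {
        return null; // .php, .phtml, .htaccess and the like are rejected here
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$extension]) {
        return null; // file contents do not match the claimed extension
    }
    $fullName = bin2hex(random_bytes(16)) . '.' . $extension;
    $target = rtrim($uploadDir, '/') . '/' . $fullName;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return null;
    }
    return $fullName; // store this name in the database, never the client's name
}
```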
