제출 #42879: SOURCECODESTER Garage Management System(authenticated) removeUser.php & createUser.php boolean-based or time-based blind sql injection정보

제목SOURCECODESTER Garage Management System(authenticated) removeUser.php & createUser.php boolean-based or time-based blind sql injection
설명1. injetct point 1 <removeUser.php> line12, code as belowe: $userid = $_GET['id']; if($userid) { $sql = "DELETE FROM users WHERE user_id = {$userid}"; if($connect->query($sql) === TRUE) { $valid['success'] = true; $valid['messages'] = "Successfully Removed"; header('location:../Users.php'); } else { $valid['success'] = false; $valid['messages'] = "Error while remove the user"; } find it directly use the use's input "id" value as part of the SQL. to verify this issue, use sqlmap by cmd like this: # python .\sqlmap.py -u http://127.0.0.1/php_action/removeUser.php?id=4 -p id --dbs --cookie="you cookie" 2. injetct point 2 <createUser.php> if($_POST) { $userName = $_POST['userName']; $upassword = md5($_POST['upassword']); $uemail = $_POST['uemail']; $sql = "INSERT INTO users (username, password,email) VALUES ('$userName', '$upassword' , '$uemail')"; //echo $sql;exit; if($connect->query($sql) === TRUE) { $valid['success'] = true; $valid['messages'] = "Successfully Added"; header('location:fetchUser.php'); } else { $valid['success'] = false; $valid['messages'] = "Error while adding the members"; } // /else } // if in_array $connect->close(); similar as inject point 1, it uses the uses' input "userName"/"uemail" as part of the final SQL.
원천⚠️ https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html
사용자
 skydiver (UID 30676)
제출2022. 08. 05. AM 09:49 (4 연령 ago)
모더레이션2022. 08. 05. PM 12:32 (3 hours later)
상태수락
VulDB 항목205655 [SourceCodester Garage Management System removeUser.php 아이디 SQL 주입]
포인트들20

Might our Artificial Intelligence support you?

Check our Alexa App!