| Title | Online bookstore system CMS has file upload and SQL injection vulnerabilities |
|---|
| Description | There are file upload and SQL injection vulnerabilities in the CMS of the online bookstore system. Because the suffix of the file is not checked when an image is uploaded, an attacker can upload arbitrary files, including a webshell, which poses a threat to the security of the website.
Vulnerability file location: /Admin_add.php
Look at this source code:
```php
if(isset($_FILES['image']) && $_FILES['image']['name'] != ""){
    $image = $_FILES['image']['name'];
    // no check of the file suffix follows
}
```
Here the code only checks whether an uploaded file exists and does not check the file's suffix, so a webshell can be uploaded directly. The operation process is as follows:
https://s1.ax1x.com/2022/08/10/v1zeBV.png
https://s1.ax1x.com/2022/08/10/v1zZn0.png
https://s1.ax1x.com/2022/08/10/v1zm7T.png
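As an added example (not code from the Simple Online Book Store System or from the submitter), the following is a hardened version of the upload step described above: the stored extension is derived from the detected content type against an allow-list, the bytes must decode as an image, and the file is saved under a random server-chosen name instead of the client-supplied one. The function names, the 2 MiB size cap and the `uploads/` directory are assumptions made for illustration.

```php
<?php
// Added example (not from the project): hardened replacement for the
// image-upload step in Admin_add.php. Function names, the size cap and
// the upload directory are assumptions for illustration.

const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate an uploaded file and return the extension to store it under,
 * or null if it must be rejected. The extension comes from the detected
 * MIME type, never from the file name the browser sent.
 */
function validated_image_extension(array $file): ?string {
    if (!isset($file['tmp_name'], $file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;                       // not a file PHP received via HTTP POST
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        return null;                       // 2 MiB cap (assumed policy)
    }
    // Inspect the file content rather than trusting $file['name'] or $file['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false) {
        return null;
    }
    $ext = ALLOWED_IMAGE_TYPES[$mime] ?? null;
    if ($ext === null) {
        return null;                       // content type not on the allow-list
    }
    // Require that the bytes actually parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }
    return $ext;
}

/**
 * Store the upload under a random name chosen by the server.
 * Returns the stored file name, or null if the upload was rejected.
 */
function store_image(array $file, string $upload_dir): ?string {
    $ext = validated_image_extension($file);
    if ($ext === null) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($upload_dir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644);                    // readable, never executable
    return $name;
}

if (isset($_FILES['image']) && $_FILES['image']['name'] !== '') {
    $stored = store_image($_FILES['image'], __DIR__ . '/uploads'); // assumed path
    if ($stored === null) {
        http_response_code(400);
        exit('Rejected: only JPEG, PNG or GIF images are accepted.');
    }
    $image = $stored;                      // value the rest of the page continues with
}
```

The web server should additionally be configured so that the upload directory never executes scripts (no PHP handler mapped there); that limits the impact even if a validation step is bypassed.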
When querying books, the user-supplied query content is not checked. Because the input is controlled by the user, a user can construct malicious SQL statements to attack the website.
Vulnerability file location: /book.php
Look at this source code:
```php
// $book_isbn comes straight from the request and is interpolated into the SQL string
$query = "SELECT * FROM books WHERE book_isbn = '$book_isbn'";
```
`$book_isbn` is not filtered, so malicious data can be constructed to attack the website database. The constructed statement is as follows:
```
book.php?bookisbn=0' union select 1,2,database(),4,@@basedir,6,7,8 --+
```
https://s1.ax1x.com/2022/08/10/v3peFU.png
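As an added example (not code from the Simple Online Book Store System or from the submitter), the following is a parameterised replacement for the book lookup above. The ISBN is bound as a value, so a string such as `0' union select ...` is compared against the `book_isbn` column as a literal and never becomes part of the SQL. The connection helper, the function names, the placeholder credentials and the ISBN character allow-list are assumptions for illustration; the table and column names and the `bookisbn` request parameter come from the report.

```php
<?php
// Added example (not from the project): prepared-statement lookup replacing
// the string-built query in book.php. Connection details are placeholders.

function connect_db(): PDO {
    $dsn = 'mysql:host=localhost;dbname=bookstore;charset=utf8mb4'; // assumed
    return new PDO($dsn, 'DB_USER_PLACEHOLDER', 'DB_PASSWORD_PLACEHOLDER', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,   // server-side prepares
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

/**
 * Defence in depth: an ISBN consists of digits, an optional check digit 'X'
 * and hyphens, 10 to 17 characters. Anything else is rejected before the
 * database is touched. (Allow-list is an assumption about the stored format.)
 */
function is_plausible_isbn(string $isbn): bool {
    return preg_match('/^[0-9Xx-]{10,17}$/', $isbn) === 1;
}

/**
 * Look up one book by ISBN. The value is bound to a parameter, never
 * interpolated, so the query text is fixed regardless of the input.
 */
function find_book_by_isbn(PDO $db, string $isbn): ?array {
    if (!is_plausible_isbn($isbn)) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM books WHERE book_isbn = :isbn');
    $stmt->execute([':isbn' => $isbn]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

$book_isbn = (string)($_GET['bookisbn'] ?? '');
$book = find_book_by_isbn(connect_db(), $book_isbn);
if ($book === null) {
    http_response_code(404);
    exit('Book not found.');
}
// $book now holds the matching row for rendering
```

The prepared statement is the actual fix; the character allow-list only narrows what reaches the database and lets invalid requests be rejected (and logged) early.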
Source link
https://www.sourcecodester.com/php/15423/simple-online-book-store-system-php-free-source-code.html |
|---|
| Source | https://www.sourcecodester.com/php/15423/simple-online-book-store-system-php-free-source-code.html |
|---|
| User | qidian (UID 30810) |
|---|
| Submission | 2022-08-10 04:40 AM (4 years ago) |
|---|
| Moderation | 2022-08-10 07:27 AM (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 206014 [SourceCodester Simple Online Book Store System Admin_add.php privilege escalation] |
|---|
| Points | 20 |
|---|