| 제목 | SourceCodester Invoicing System In PHP 1.0 Second-Order SQL Injection |
|---|
| 설명 | A Second-Order SQL Injection vulnerability exists in the invoicing generation logic of Invoicing System In PHP version 1.0.
While the primary entry point $_GET['id'] is checked with is_numeric(), the application retrieves data from the orders table and uses those values (which may have been injected previously via other vulnerable forms like orders.php or customers.php) to construct subsequent SQL queries without any sanitization or prepared statements.
Specifically, in IGST_Invoice.php:
$custname=$row["customer_name"]; // Data from DB
if($custname != ''){
$custqry="select * from customers where customer_name='".$custname."'"; // Injection point
$res_cust = mysqli_query($conn, $custqry);
}
$categoryid=$row["category"]; // Data from DB
if($categoryid != ''){
$catqry="select * from category where category_id='".$categoryid."'"; // Injection point
$res_cat = mysqli_query($conn, $catqry);
}
If an attacker manages to store a payload like Admin' OR '1'='1 in the customer_name or category field, they can manipulate the logic of the invoice generation, exfiltrate data from other tables, or perform administrative actions on the database. |
|---|
| 원천 | ⚠️ https://gist.github.com/c4ttr4ck/f60dfb9fc65a98ad6dde1840dc2c1a5e |
|---|
| 사용자 | c4ttr4ck (UID 75518) |
|---|
| 제출 | 2026. 04. 26. PM 11:12 (1 월 ago) |
|---|
| 모더레이션 | 2026. 05. 24. AM 08:35 (27 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 365392 [SourceCodester Indian Invoicing System 1.0 Invoice Generation IGST_Invoice.php customer_name/category SQL 주입] |
|---|
| 포인트들 | 20 |
|---|