| Título | Online bookstore system CMS has file upload and SQL injection vulnerabilities |
|---|
| Descrição | There are file upload and SQL injection vulnerabilities in CMS of online bookstore system. Without checking the suffix of the file when uploading the image, the attacker can upload arbitrary files, including webshell, which poses a threat to the security of the website.
Vulnerability file location: / Admin_ add.php
look at this source code
```
if(isset($_FILES['image']) && $_ FILES['image']['name'] != ""){
$image = $_ FILES['image']['name'];
```
Here, we only judge whether the uploaded file exists, and do not check the suffix of the file. We can directly upload webshell. The operation process is as follows:
https://s1.ax1x.com/2022/08/10/v1zeBV.png
https://s1.ax1x.com/2022/08/10/v1zZn0.png
https://s1.ax1x.com/2022/08/10/v1zm7T.png
When querying books, the query content input by the user is not checked. The input content is controllable by the user, and the user can construct malicious statements to attack the website.
Vulnerability file location: / book.php
look at this source code
```
$query = "SELECT * FROM books WHERE book_isbn = '$book_isbn'";
```
There is no $book_ ISBN, where malicious data can be constructed to attack the website database. The construction statement is as follows
```
book. php? bookisbn=0' union select 1,2,database(),4,@@basedir,6,7,8 --+
```
https://s1.ax1x.com/2022/08/10/v3peFU.png
Source link
https://www.sourcecodester.com/php/15423/simple-online-book-store-system-php-free-source-code.html |
|---|
| Fonte | ⚠️ https://www.sourcecodester.com/php/15423/simple-online-book-store-system-php-free-source-code.html |
|---|
| Utilizador | qidian (UID 30810) |
|---|
| Submissão | 10/08/2022 04h40 (há 4 anos) |
|---|
| Moderação | 10/08/2022 07h27 (3 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 206014 [SourceCodester Simple Online Book Store System Admin_add.php Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|