| Title | Tim Campus Confession Wall SQL injection exists |
|---|
| Description | Tim Campus Confession Wall SQL injection exists
Program download address: https://asj.lanzoui.com/i0nTFvu2m9e?w
Build environment:
phpstudy
php-5.4.5
windows10
Vulnerability file:
share.php
The ID value is received via the GET method and passed to the test_input method for processing.
The test_input method calls three functions:
trim removes leading and trailing whitespace
stripslashes removes backslashes
htmlspecialchars escapes HTML special characters as entities
The value is then placed into the database query and executed; nothing in this process filters for SQL injection.
Vulnerability reproduction:
Vulnerability Reference Link
https://github.com/whiex/-Tim-Campus-Confession-Wall/blob/main/Tim%20Campus%20Confession%20Wall%20SQL%20injection%20exists.docx
|
|---|
| Source | ⚠️ https://github.com/whiex/-Tim-Campus-Confession-Wall |
|---|
| User | s7eyd7 (UID 30723) |
|---|
| Submission | 11/01/2022 03:19 (4 years ago) |
|---|
| Moderation | 11/01/2022 14:22 (11 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 212611 [Tim Campus Confession Wall share.php post_id sql injection] |
|---|
| Points | 20 |
|---|
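
The description above says the ID passes through trim, stripslashes and htmlspecialchars before reaching the query. The following added example (not code from the application or from the submitter) shows why that filter chain does not stop injection in a numeric context, next to a hardened lookup. The `posts` table, its columns, the query shape, the function names `lookup_concat` and `lookup_bound`, and the use of an in-memory SQLite database through PDO are all assumptions made for illustration.

```php
<?php
// Added illustration, not the application's code. The posts table, its columns
// and the query shape are assumptions; the page does not show share.php's source.

// The three-step filter the report describes.
function test_input($data) {
    $data = trim($data);              // strips surrounding whitespace
    $data = stripslashes($data);      // removes backslashes
    $data = htmlspecialchars($data);  // encodes HTML metacharacters for output
    return $data;
}

// Constructed in-memory database standing in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');
$db->exec("INSERT INTO posts (body) VALUES ('first'), ('second'), ('third')");

// Pattern described in the report: the filtered value is concatenated into the
// SQL text, so anything that survives the filter is parsed as SQL.
function lookup_concat(PDO $db, $raw) {
    $id = test_input($raw);
    $sql = "SELECT id, body FROM posts WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a positive integer, then bind it as a parameter
// so the value can never become part of the statement text.
function lookup_bound(PDO $db, $raw) {
    $id = filter_var($raw, FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 1)));
    if ($id === false) {
        return array(); // reject anything that is not a plain integer
    }
    $stmt = $db->prepare('SELECT id, body FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed probe: no quotes, backslashes or HTML characters, so none of the
// three filter functions has anything to act on.
$probe = '1 OR 1=1';
printf("filter altered probe: %s\n", var_export(test_input($probe) !== $probe, true));
printf("concatenated query, rows for probe: %d\n", count(lookup_concat($db, $probe)));
printf("bound query, rows for probe: %d\n", count(lookup_bound($db, $probe)));
printf("bound query, rows for id 2: %d\n", count(lookup_bound($db, '2')));
```

The filter functions target whitespace, backslashes and HTML output encoding; none of them constrains the value to the type the query expects, which is what the integer check and bound parameter do.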