Description

Due to lack of protection, parameters `table_name`, `field_name`, `id`, `field_id` can be abused to inject SQL queries to extract information from databases (and do other SQLi tricks); parameter `msg` can be used to inject an XSS payload and steal the user's cookie (and even take over the user's account). As we can see, no security mechanism was implemented, which resulted in a lot of vulnerabilities.

Exploiting

Injection point:

`HTTP://demo/CheckDuplicateName.php?table_name=api_info+where+id=1+and+extractvalue(0x0a,concat(0x0a,(select+database())))--&field_name=&val=&field_id=&msg=`

Below, I've presented how information can be extracted via SQL injection. XSS can be exploited by giving the correct information in the other parameters and injecting JavaScript code in `field_name`, `msg`.

Request:

Response:

Solution

Add security functions such as `sqlSecurityFilter` to sanitize parameters before processing or printing them out to the screen. For XSS, use `htmlentities` to properly encode the output.
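One way to implement the fix the Solution section asks for, as an added example that is not the project's own code: table and column names cannot be bound as prepared-statement parameters, so they are checked against an allowlist, the value and id are bound through PDO, and `msg` is passed through `htmlentities` before it can reach the page. The `$pdo` connection, the `checkDuplicateName` function and the table/column names in the allowlist are assumptions for illustration.

```php
<?php
// Added example (not the project's code): a hardened duplicate-name check.
// Assumptions: a PDO connection in $pdo; the table/column names below are
// hypothetical placeholders for whatever the real application permits.

// Identifiers taken from the request are only accepted if they map to a
// known table and column; the real names come from this constant, never
// from user input, so "api_info where id=1 ..." is rejected outright.
const ALLOWED_TABLES = [
    'api_info' => ['name' => 'name', 'id' => 'id'],           // alias => real column
    'users'    => ['name' => 'username', 'id' => 'user_id'],
];

function checkDuplicateName(PDO $pdo, array $params): array
{
    $table   = $params['table_name'] ?? '';
    $field   = $params['field_name'] ?? '';
    $idField = $params['field_id'] ?? '';
    $value   = $params['val'] ?? '';
    $id      = $params['id'] ?? null;

    if (!isset(ALLOWED_TABLES[$table])) {
        throw new InvalidArgumentException('unknown table');
    }
    $cols = ALLOWED_TABLES[$table];
    if (!isset($cols[$field], $cols[$idField])) {
        throw new InvalidArgumentException('unknown column');
    }

    // Identifiers are now our own constants; only data is bound as parameters.
    $sql = sprintf('SELECT COUNT(*) FROM `%s` WHERE `%s` = :val', $table, $cols[$field]);
    if ($id !== null) {
        // Exclude the record currently being edited; id is bound as an integer.
        $sql .= sprintf(' AND `%s` <> :id', $cols[$idField]);
    }
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':val', $value, PDO::PARAM_STR);
    if ($id !== null) {
        $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    $duplicate = (int) $stmt->fetchColumn() > 0;

    // msg is reflected to the browser, so it is HTML-encoded on output.
    $msg = htmlentities($params['msg'] ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return ['duplicate' => $duplicate, 'message' => $duplicate ? $msg : ''];
}
```

With this shape the injection-point URL from the report fails at the table allowlist check before any SQL is built, and a `<script>` payload in `msg` is returned as inert text.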