This repository has been archived by the owner on Mar 6, 2022. It is now read-only.

SQL Injection in category.php form #14

Open
ztxyzwd opened this issue Jul 7, 2020 · 2 comments

ztxyzwd commented Jul 7, 2020

Hello, I found that there is a SQL injection vulnerability in the cat_id parameter of the category.php file on the website. Entering single quotes in this parameter will cause the webpage to burst and the database statement to burst. And this parameter can be used by sqlmap to obtain data information in the database.
POC:
```
GET /category.php?cat_id=1%27 HTTP/1.1
Host: victor.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=ia9ksoo6lq6dticsuoddv0gh20
Connection: close
```

Owner

VictorAlagwu commented Jul 7, 2020

Hello @ztxyzwd, this is a project I worked on a few years back while learning PHP, so it's prone to have a lot of bugs. Regardless of that, if there is a fix, or rather a PR that fixes those issues, I would be glad to merge it.

Author

ztxyzwd commented Jul 7, 2020

Thank you. I will update the bugs found in the code in ISSUES.
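
One way to close the hole reported in `cat_id`, as an added example that is not the repository's own code: validate the parameter as an integer, bind it in a prepared statement, and keep database errors out of the page. The `posts` table, the function names and the in-memory SQLite database are assumptions for illustration; the project's real schema and database driver are not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical schema; constructed sample rows in an in-memory SQLite database.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT)');
    $db->exec("INSERT INTO posts (cat_id, title) VALUES (1, 'First'), (1, 'Second'), (2, 'Other')");
    return $db;
}

/**
 * Returns post titles for a category, or null when cat_id is not a positive integer.
 * (Hypothetical helper; in category.php the input would be $_GET['cat_id'] ?? null.)
 */
function posts_in_category(PDO $db, $rawCatId): ?array
{
    // 1. Validate: cat_id must be a positive integer, so the reported "1'" stops here.
    $catId = filter_var($rawCatId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($catId === false) {
        return null; // caller answers 400 without touching the database
    }
    try {
        // 2. Bind: the value is sent separately from the SQL text, never concatenated.
        $stmt = $db->prepare('SELECT title FROM posts WHERE cat_id = :cat_id ORDER BY id');
        $stmt->bindValue(':cat_id', $catId, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        // 3. Log server-side; do not echo the failing statement into the response.
        error_log('category query failed: ' . $e->getMessage());
        return [];
    }
}

$db = make_demo_db();
foreach (['1', "1'", 'abc', '2'] as $input) { // constructed inputs; "1'" is the value from the report
    $rows = posts_in_category($db, $input);
    printf("%-6s => %s\n", $input, $rows === null ? 'rejected (400)' : implode(', ', $rows));
}
```

In production, also set `display_errors = Off` so that a query failure elsewhere in the application cannot print the SQL statement to the visitor.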
