Chatv2 has SQL injection Vulnerability Description


Testing Target

Summary

Chatv2 has a SQL injection vulnerability.

Description

The userid parameter in /chat2/jumpin.php is vulnerable to SQL injection.

Concept

  1. Build the chat2 test environment, create a chat, then send a test message.
  2. Go back to the default page and enter a new desired username. Before submitting, use BurpSuite to intercept the POST request and save it for the sqlmap test.
  3. Test for SQL injection with sqlmap. Find a valid payload, then obtain the web server's information; from there the databases and tables can be enumerated, or the access put to other use.
     payload: py -2 sqlmap.py -r D:\sql.txt -p userid --dbms mysql --level 5 --risk 3 --threads=5
     payload: py -2 sqlmap.py -r D:\sql.txt -p userid --dbms mysql --level 5 --risk 3 --threads=5 -D chat2_db --tables
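
For detection, the following added example (not part of the original advisory or the Chatv2 code) scans web server access logs for the kind of testing described above: POSTs to /chat2/jumpin.php that carry a sqlmap User-Agent or arrive in a multi-threaded burst. The Apache combined log format, the window and threshold values, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TARGET = "/chat2/jumpin.php"      # endpoint named in the advisory
WINDOW = timedelta(seconds=10)    # assumed burst window
MAX_POSTS = 20                    # assumed per-client POST limit inside WINDOW

# Apache "combined" log format (assumed)
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def scan(lines):
    """Return {client_ip: set of reasons} for suspicious POSTs to TARGET."""
    findings = defaultdict(set)
    recent = defaultdict(list)    # ip -> POST timestamps still inside WINDOW
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != TARGET:
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # sqlmap identifies itself in the User-Agent unless told otherwise
        if "sqlmap" in m["ua"].lower():
            findings[ip].add("sqlmap-user-agent")
        # A changed User-Agent still leaves the request burst visible
        recent[ip] = [t for t in recent[ip] if ts - t <= WINDOW] + [ts]
        if len(recent[ip]) > MAX_POSTS:
            findings[ip].add("post-burst")
    return dict(findings)

def _line(ip, sec, ua):
    """Build one constructed log line for the sample below."""
    return (f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] '
            f'"POST /chat2/jumpin.php HTTP/1.1" 200 512 "-" "{ua}"')

# Constructed sample: one normal user, one sqlmap UA, one 25-request burst
SAMPLE = (
    [_line("192.0.2.10", 1, "Mozilla/5.0")]
    + [_line("198.51.100.7", 2, "sqlmap/1.x (https://sqlmap.org)")]
    + [_line("203.0.113.5", i // 5, "Mozilla/5.0") for i in range(25)]
)

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE).items():
        print(ip, sorted(reasons))
```

The injected value travels in the POST body, which standard access logs do not record, so this check relies on request metadata only.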