Vulnerable path: /app/dao/CustomerDAO.php
Vulnerable path: /app/handlers/CustomerHandler.php
Vulnerable path: /app/process_update_profile.php
Lines 49-59 of "CustomerDAO.php" build the SQL statement by splicing strings together, which bypasses the protection PDO would otherwise provide.
Line 98 of "CustomerHandler.php" uses the vulnerable function.
Lines 31-40 of "process_update_profile.php" use the vulnerable function.
Vulnerability exploitation process:
After logging in, click the "update profile" button.
Then enter the PoC and click "update".
After that, refresh the page and click "update profile"; the data from the database is displayed.
PoC code:
youyou",password = "", phone = concat(database(),version()) WHERE `customer`.`cid`="10"#
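
The concatenation pattern described above next to a parameterized form, as an added example that is not the project's code. The table and column names come from the PoC string; the function names, the schema and the SQLite in-memory database are assumptions made so that it runs offline.

```php
<?php
// Added example. Names taken from the PoC: customer, cid, password, phone.
// Everything else (schema, function names, sample row) is assumed.

// Constructed in-memory database (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so values are bound server-side:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE customer (cid INTEGER PRIMARY KEY, name TEXT, password TEXT, phone TEXT)');
$pdo->exec("INSERT INTO customer VALUES (10, 'alice', 'hash-placeholder', '555-0100')");

// The pattern the report describes: input spliced into the statement text.
// Built here only to display the resulting SQL; it is never executed.
function buildConcatenatedUpdate(string $name, string $phone, int $cid): string
{
    return 'UPDATE `customer` SET name = "' . $name . '", phone = "' . $phone
         . '" WHERE `customer`.`cid` = "' . $cid . '"';
}

// Hardened form: fixed statement text, values passed as typed bound parameters.
function updateProfile(PDO $pdo, int $cid, string $name, string $phone): int
{
    $stmt = $pdo->prepare('UPDATE customer SET name = :name, phone = :phone WHERE cid = :cid');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':phone', $phone, PDO::PARAM_STR);
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// The PoC value from the report, submitted as the profile name.
$input = 'youyou",password = "", phone = concat(database(),version()) WHERE `customer`.`cid`="10"#';

// Concatenated statement: the input supplies its own SET and WHERE clauses.
echo buildConcatenatedUpdate($input, '555-0100', 10), PHP_EOL;

// Parameterized statement: the same input is stored as one literal value.
updateProfile($pdo, 10, $input, '555-0100');
$row = $pdo->query('SELECT name, password, phone FROM customer WHERE cid = 10')
           ->fetch(PDO::FETCH_ASSOC);
if ($row['name'] !== $input || $row['password'] !== 'hash-placeholder') {
    throw new RuntimeException('bound parameters did not isolate the input');
}
echo 'input stored as a literal name; password column unchanged', PHP_EOL;
```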