Injection-Vulnerability-In-Pharmacy-Management-System-1.0

On line 19 of login_core.php, the email input is placed directly into the SQL query statement without filtering, which allows a SQL injection attack.

The user used by my database is root@localhost.

A time-based blind SQL injection attack is used here. The delay is 4 seconds at this time. If the if() condition is true, the response is delayed for 9 seconds.

The second character is determined to be o. Continuing in the same way, we can determine that the database user() is root@localhost.

payload: ?email=admin@admin.com'+and+if(substr(user(),1,1)='r',SLEEP(5),null)--'&password=admin1&role=admins
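
For defenders, the following added example (not part of the original report or of the project's code) scans web access logs for requests to login_core.php whose email parameter carries the delay-and-probe pattern shown in the payload above. The log format, the sample lines and the 5-second threshold are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed log format: combined-log style with response time (seconds) as last field.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
                     r'\d{3} \S+ (?P<secs>\d+(?:\.\d+)?)$')
EMAIL_RE = re.compile(r'^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$')
# Delay calls (SLEEP as in the payload; BENCHMARK is a related MySQL function)
# and the if(substr(...)) character probe.
DELAY_RE = re.compile(r'\b(?:sleep|benchmark)\s*\(', re.I)
PROBE_RE = re.compile(r'\bif\s*\(\s*(?:substr|substring|mid)\s*\(', re.I)

# Constructed sample lines (IPs, timestamps, sizes and timings are made up).
SAMPLE_LOG = [
    '198.51.100.10 - - [01/Jan/2023:10:00:00 +0000] "GET /login_core.php?email=admin@admin.com&password=admin1&role=admins HTTP/1.1" 200 512 0.031',
    '203.0.113.5 - - [01/Jan/2023:10:01:00 +0000] "GET /login_core.php?email=admin@admin.com\'+and+if(substr(user(),1,1)=\'r\',SLEEP(5),null)--\'&password=admin1&role=admins HTTP/1.1" 200 512 9.012',
    '203.0.113.5 - - [01/Jan/2023:10:01:20 +0000] "GET /login_core.php?email=admin@admin.com%27%20and%20if(substr(user(),1,1)=%27x%27,SLEEP(5),null)--%27&password=admin1&role=admins HTTP/1.1" 200 512 0.040',
    '198.51.100.10 - - [01/Jan/2023:10:02:00 +0000] "POST /login_core.php HTTP/1.1" 302 0 0.028',
]

def inspect(line):
    """Return a finding dict for a suspicious login request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m['target'])
    params = parse_qs(url.query, keep_blank_values=True)  # decodes %xx and '+'
    if not url.path.endswith('login_core.php') or 'email' not in params:
        return None
    email = params['email'][0]
    if EMAIL_RE.match(email):
        return None
    reasons = ['email is not a plain address']
    if DELAY_RE.search(email):
        reasons.append('delay function')
    if PROBE_RE.search(email):
        reasons.append('substring probe')
    return {'ip': m['ip'], 'secs': float(m['secs']), 'reasons': reasons}

def summarize(lines, slow_after=5.0):
    """Per client: (injection-style requests, how many of them responded slowly)."""
    hits, slow = Counter(), Counter()
    for f in filter(None, map(inspect, lines)):
        if len(f['reasons']) > 1:
            hits[f['ip']] += 1
            slow[f['ip']] += f['secs'] >= slow_after  # slow reply: condition was true
    return {ip: (hits[ip], slow[ip]) for ip in hits}

if __name__ == '__main__':
    print(summarize(SAMPLE_LOG))
```

A client with many flagged requests, some of them slow, indicates that character-by-character extraction was under way and that the slow probes returned data.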