CVE-2021-29350: Doc/sql injection.md at main · XD-519/Doc
SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.
发货100-设计素材下载系统 1.1 has a SQL injection in the value parameter.
Vulnerability Type:
SQL Injection
Vulnerable Version:
1.1
Reproduction environment:
- Windows 10
- PHP 7.3
- Apache 2.4.39
Vulnerability description and reproduction:
Source code download link: http://down.chinaz.com/soft/42490.htm
When the admin user edits the product information, SQL injection occurs.
Reason: no filtering is applied when the user IP is obtained.
Affected code: /conn/function.php (getip function)
Visit /admin/product_add.php
Modify the product information and click Save.
Use Burp Suite to modify the request header: X-Forwarded-For: '|| sleep(2) || '
Successful injection!
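As an added illustration (not code from the affected project, whose conn/function.php is not reproduced here), the following PHP contrasts a getip() that trusts X-Forwarded-For as-is with a hardened version that validates the header and binds the value as a query parameter; the table and column names are assumed.

```php
<?php
// Illustrative example, not the project's code: models the pattern the
// advisory describes, a client-controlled header taken without filtering.
function getip_vulnerable(array $server): string
{
    // Whatever the client sends in X-Forwarded-For is returned unchanged.
    return $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'] ?? '';
}

// Hardened variant: the header is accepted only if every hop is a
// syntactically valid IP address; otherwise fall back to REMOTE_ADDR,
// which is set by the web server and not by the client.
function getip_safe(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? '0.0.0.0';
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '') {
        return $remote;
    }
    // X-Forwarded-For may be a comma-separated chain of proxies.
    $hops = array_map('trim', explode(',', $xff));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // reject the whole header on any bad entry
        }
    }
    return $hops[0];
}

// Saving the product record: the IP is bound as a parameter, never
// concatenated into the SQL string. Table/column names are assumed.
function save_product(PDO $db, string $name, string $ip): void
{
    $stmt = $db->prepare('INSERT INTO product (name, add_ip) VALUES (:name, :ip)');
    $stmt->execute([':name' => $name, ':ip' => $ip]);
}

// Constructed request carrying the header value from the PoC above.
$server = [
    'REMOTE_ADDR'          => '192.0.2.10',
    'HTTP_X_FORWARDED_FOR' => "'|| sleep(2) || '",
];
var_dump(getip_vulnerable($server)); // payload passes straight through
var_dump(getip_safe($server));       // header rejected, REMOTE_ADDR returned
```

Even with input validation, save_product() keeps the prepared statement so that a future change to getip() cannot reopen the injection.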