CVE-2022-4051: SQL injection vulnerability exists in Hostel searching project · Issue #1 · itzmehedi/Hostel-searching-project-using-PHP-Mysql
A vulnerability has been found in Hostel Searching Project and classified as critical. This vulnerability affects unknown code of the file view-property.php. The manipulation of the argument property_id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213844.
SQL injection vulnerability exists in Hostel searching project
1.Build environment
Apache 2.4.39; MySQL 5.7.26; PHP 8.0.2
2.Vulnerability analysis
view-property.php:
property_id is assigned to the $property_id variable, which is then passed into the database query, and the query result is returned. During this process, property_id reaches the database without being filtered, which creates a SQL injection vulnerability.
We can use sqlmap to validate
Manual SQL injection proof
3.POC
http://127.0.0.1/view-property.php?property_id=127' or (select 1 from(select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a) and 'ace'='ace
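
A hardened form of the lookup described in the analysis above, as an added example that is not the project's own code. The table and column names, the helper functions `make_db` and `fetch_property`, and the in-memory SQLite stand-in database are assumptions so the script runs offline on PHP 8.

```php
<?php
declare(strict_types=1);

// Pattern the report describes, reconstructed for contrast (hypothetical, not project code):
//   $sql = "SELECT * FROM property WHERE property_id='" . $_GET['property_id'] . "'";

// Constructed stand-in database (in-memory SQLite) so the script runs offline.
// Table and column names are assumptions, not the project's schema.
// With a MySQL DSN, also set PDO::ATTR_EMULATE_PREPARES to false so the
// server performs the parameter binding.
function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE property (property_id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO property VALUES (127, 'Sample hostel')");
    return $db;
}

// Hardened lookup: property_id must be a positive integer, and the value is
// bound as a parameter, so it is never parsed as part of the SQL text.
function fetch_property(PDO $db, mixed $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a plain positive integer
    }
    $stmt = $db->prepare('SELECT property_id, title FROM property WHERE property_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = make_db();
// Constructed inputs: a normal id, a quoted value shaped like the report's PoC,
// an empty string, and a missing parameter.
$samples = ['127', "127' or (select 1) and 'ace'='ace", '', null];
foreach ($samples as $raw) {
    $row = fetch_property($db, $raw);
    printf("%-42s => %s\n", var_export($raw, true), $row ? json_encode($row) : 'rejected');
}
```

Only the first sample returns a row; the quoted value fails integer validation before any SQL is prepared, and the bound parameter keeps the statement text fixed even if validation were relaxed.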