Hotels_Server SQL Injection Vulnerability in controller/fetchpwd.php

SQL Injection Vulnerability in controller/fetchpwd.php

Open TomAPU opened this issue 6 years ago • 0 comments

In controller/fetchpwd.php 2019-01-19-225422_457x392_scrot

the parameter was added with a string "username=" ,passed to function find

In the definition of function find,we can notice that though the author use PDO, he didn't use Prepared technique to avoid SQL injection vulnerability. What a pity! 2019-01-19-225526_566x228_scrot

After analyzing these codes,we can simply use sqlmap to exploit the vulnerability and have fun! 2019-01-19-231950_878x370_scrot

Jan 19 '19 15:01 TomAPU

Hotels_Server Hotels_Server copied to clipboard

SQL Injection Vulnerability in controller/fetchpwd.php

Hotels_Server
Hotels_Server copied to clipboard