Hotels_Server During 2021-05-20, Hotels_Server can perform SQL injection through the username parameter.

During 2021-05-20, Hotels_Server can perform SQL injection through the username parameter.

Open Juneah opened this issue 3 years ago • 0 comments

In /controller/fetchpwd.php It will receive a parameter called "username" to search for existed users. But in fact,this parameter just become a part of the SQL request without any process,so it will be possible to have a SQL injection. We can use SQLMAP to test this vulnerability:

sqlmap -u "http://192.168.31.91/controller/fetchpwd.php" --data "username=1" --dbms mysql -p username

E535%I1OKP)DWL}`GBDR29B

Z($YDT678FOJ0 3N2~ L_IK

May 20 '21 14:05 Juneah

Hotels_Server Hotels_Server copied to clipboard

During 2021-05-20, Hotels_Server can perform SQL injection through the username parameter.

Hotels_Server
Hotels_Server copied to clipboard