
Hotels_Server through 2018-11-05 has SQL Injection via the API.

Open ghost opened this issue 6 years ago • 1 comments

In /controller/api/login.php, it receives a parameter called "telephone" to search for existing users. But in fact, this parameter just becomes part of the SQL request without any processing, so it will be possible to have a SQL injection. We can use SQLMAP to test this vulnerability:

[Screenshots: 20190215223537, 20190215223806, 20190215223829]

ghost • Feb 17 '19 05:02
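The pattern the issue describes, next to a parameterized version, as an added example that is not Hotels_Server code and not part of the original issue. The `users` table, its columns and the function names are hypothetical, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Added illustration, not Hotels_Server code. The `users` table, its columns
// and all function names are hypothetical. Runs against in-memory SQLite.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, telephone TEXT, name TEXT)');
    $db->exec("INSERT INTO users (telephone, name)
               VALUES ('13800000001', 'alice'), ('13800000002', 'bob')");
    return $db;
}

// Pattern the issue describes: the request value becomes part of the SQL text,
// so quote characters in it can change the structure of the query.
function findUserConcatenated(PDO $db, string $telephone): array
{
    $sql = "SELECT id, name FROM users WHERE telephone = '" . $telephone . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed and the value is bound as data.
function findUserPrepared(PDO $db, string $telephone): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE telephone = :telephone');
    $stmt->execute([':telephone' => $telephone]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
$inputs = [
    '13800000001',   // constructed: an ordinary lookup
    "x' OR '1'='1",  // constructed: value containing quote characters
];
foreach ($inputs as $in) {
    printf(
        "%-14s concatenated=%d row(s), prepared=%d row(s)\n",
        $in,
        count(findUserConcatenated($db, $in)),
        count(findUserPrepared($db, $in))
    );
}
```

For the second input the concatenated query matches every row in the table, while the prepared statement compares the whole string against the `telephone` column and matches none.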

losmoneygangsta • Feb 01 '20 07:02