恶意代码防范>> Second-Order-SQLi>> 返回
项目作者: cyberintruder

项目描述 :
This is a POC for Second Order SQL Injection
高级语言: PHP
项目地址: git://github.com/cyberintruder/Second-Order-SQLi.git
创建时间: 2017-08-13T14:13:31Z
项目社区:https://github.com/cyberintruder/Second-Order-SQLi
开源协议:
下载


Second-Order-SQLi

This is a POC for Second Order SQL Injection

  1. Before using change the database details in both files ( getdata.php and instert.php)
  2. When you run instertdata.php, it will create a two tables profile and pii.

  3. When you run getdata.php with id, it will fetch the details from both tables.
    Though id is there in only profile table, internally the script run another sql query filter “user” as both have “user” column common.
    Here “user” parameter is vulnerable

    Attack:
    vunerable parameter (insert.php) - user

    1. Payload: X’ UNION SELECT user(),version(),database(), 4 —
    2. Palyoad: X’ UNION SELECT 1,2,3,4 —

Note: Tested on Ubuntu X86_64 - PHP 7.0.22-2 version, Mysql 5.7.17-0ubuntu0.16.04.1