Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hotels_Server through 2018-11-05 has SQL Injection via the API. #4

Open
ghost opened this issue Feb 17, 2019 · 1 comment
Open

Hotels_Server through 2018-11-05 has SQL Injection via the API. #4

ghost opened this issue Feb 17, 2019 · 1 comment

Comments

@ghost
Copy link

ghost commented Feb 17, 2019

In /controller/api/login.php
It will receive a parameter called "telephone" to search for existed users.
But in fact,this parameter just become a part of the SQL request without any process,so it will be possible to have a SQL injection.
We can use SQLMAP to test this vulnerability:
20190215223537
20190215223806
20190215223829
@losmoneygangsta
Copy link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@losmoneygangsta