1000 Projects Bookstore Management System v1.0 SQL Injection Vulnerability Analysis

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability ID: #438146 2. Vulnerability Name: 1000 Projects Bookstore Management System v1.0 v1.0 SQL Injection 3. Vulnerability Description: - Classified as severe, this vulnerability exists in the file of the Bookstore Management System. - SQL injection is present in the parameter. - The affected component is unknown. 4. Vulnerability Authors: Sun Yihang, Guangzhou University; Fan Qi, Guangzhou University 5. Vulnerability Links: - Original Link: https://1000projects.org/bookstore-management-system-php-mysql-project.html - Vulnerable File: - Vulnerable Location: , parameter 6. Database Name: 7. Payload: - GET Request: // Leak place --> main_event_id 8. Exploitation Method: - Uses statement to retrieve database information. - Payload is sent via GET request. 9. Exploitation Example: - Request Headers: - Host: 192.168.1.16 - User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 - Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 - Accept-Encoding: gzip, deflate - DNT: 1 - Cookie: PHPSESSID=7hpghvc3ujgkqtdko38g42if7 - Connection: close - Request Parameters: - : This information helps us understand the vulnerability in detail, including its type, scope of impact, and exploitation techniques.

Goal Reached Thanks to every supporter — we hit 100%!

1000 Projects Bookstore Management System v1.0 SQL Injection Vulnerability Analysis