Pre-Auth SQL Injection in Simple Doctor's Appointment System V1.0 (admin.php)

根据用户提供的网页截图，我提取了以下关键信息： 1. 漏洞概述 (Vulnerability Overview): 标题: Simple Doctor's Appointment System in PHP/MySQL Project V1.0 (admin.php) SQL Injection #3 受影响产品: Simple Doctor's Appointment System in PHP/MySQL Project V1.0 漏洞类型: SQL Injection (SQL注入) 根本原因: 在 文件的第 10 行， 变量直接拼接到 SQL 查询语句中，没有进行适当的过滤或参数化。 影响: 攻击者可以通过构造恶意请求，执行任意 SQL 查询，从而读取、修改或删除数据库中的敏感信息（如用户凭证、患者记录等）。 认证要求: 无需登录即可利用此漏洞。 2. 影响范围 (Affected Versions): 提交者: Vulnerable file 版本: 1.0 软件链接: 提供了 GitHub 和 SourceForge 的下载链接。 3. 修复方案 (Suggested Repair): 使用参数化查询（Prepared Statements）来防止 SQL 注入。 对用户输入进行验证和清理（Sanitize and Validate）。 实施最小权限原则（Principle of Least Privilege）。 定期更新和打补丁。 实施 Web 应用程序防火墙（WAF）。 4. POC/利用代码 (Proof of Concept): 页面中包含了三个主要的代码/截图块，展示了漏洞的利用过程。 第一个代码块 (Vulnerability details and POC): 展示了 的源代码，指出了第 10 行的漏洞点。 第二个代码块 (Payload): 展示了具体的 Payload 构造。 第三个代码块 (Testing): 展示了在浏览器中利用该 Payload 获取数据库信息（如 函数）的结果。 现在，我将这些信息整理成简洁的中文 Markdown 格式。 Simple Doctor's Appointment System SQL 注入漏洞总结 漏洞概述 漏洞名称: Simple Doctor's Appointment System in PHP/MySQL Project V1.0 (admin.php) SQL Injection #3 漏洞类型: SQL Injection (SQL 注入) 根本原因: 在 文件的第 10 行，代码直接将用户输入的 变量拼接到 SQL 查询语句中，未进行任何过滤或参数化处理。 影响: 攻击者无需登录即可通过构造恶意请求，执行任意 SQL 查询，从而读取、修改或删除数据库中的敏感信息（如用户凭证、患者记录等）。 影响范围 受影响产品: Simple Doctor's Appointment System in PHP/MySQL Project V1.0 受影响版本: 1.0 受影响文件: 修复方案 使用参数化查询: 使用 Prepared Statements 来防止 SQL 注入。 输入验证: 对用户输入进行严格的验证和清理（Sanitize and Validate）。 最小权限原则: 限制数据库用户的权限。 定期更新: 保持软件更新和打补丁。 部署 WAF: 实施 Web 应用程序防火墙。 POC 代码与利用过程 1. 漏洞代码片段 (admin.php 第 10 行): 2. 利用 Payload: (注：截图中的 Payload 展示了通过 参数注入 SQL 语句，利用 绕过条件限制) 3. 利用效果 (获取数据库信息): ```text http://localhost/doctor/admin.php?id=1' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814

目標達成すべての支援者に感謝 — 100%達成しました！

Pre-Auth SQL Injection in Simple Doctor's Appointment System V1.0 (admin.php)

このソースからの他の記事

目標達成 すべての支援者に感謝 — 100%達成しました！

Pre-Auth SQL Injection in Simple Doctor's Appointment System V1.0 (admin.php)

このソースからの他の記事

目標達成すべての支援者に感謝 — 100%達成しました！