The following key information about the vulnerability can be obtained from this webpage screenshot:

1. **Vulnerability description**:
   - **Title**: SQL injection vulnerability in SourceCodester Kortex Lite Advocate Office Management System 1.0.
   - **Explanation**: SQL injection errors occur when data enters a program from an untrusted source and is used to dynamically construct a SQL query.

2. **Target code source**:
   - **URL**: https://www.sourcecodester.com/php/17280/advocate-office-management-system-free-download.html

3. **Abstract**:
   - SQL Injection vulnerability in Kortex Lite Advocate Office Management System v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the case_register_id parameter in the delete_register.php component.

4. **Details**:
   - In this case, the data is passed to query() in delete_register.php at line 8.

5. **Code example**:

   ```php
   if(isset($_GET['case_register_id'])){
       $case_register_id = $_GET['case_register_id'];
       $sql = "delete from case_register where id = $case_register_id"; // untrusted input concatenated into the query
       $result = $conn->query($sql);
       if($result == true){
           // echo "record deleted successfully";
           // header("location:view_case.php");
       }
   }
   ```

6. **Vulnerability verification**:
   - The vulnerability in the case_register_id parameter was verified with the sqlmap tool.

7. **Exploitation**:
   - The sqlmap tool was used to successfully exploit the vulnerability in the case_register_id parameter and carry out a SQL injection attack.

This information describes in detail the principle of the SQL injection vulnerability, the target code, the exploitation method, and the verification process.
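A hardened form of the delete handler shown in the code example, added here and not taken from the original page or the Kortex Lite project: the id must parse as a positive integer and is bound through a prepared statement. It assumes PDO with an in-memory SQLite database and constructed rows so that it runs stand-alone; the function name `delete_case_register` is hypothetical.

```php
<?php
// Added example, not the application's own code.
// Assumption: PDO + in-memory SQLite so the demo runs offline; the table and
// column names (case_register, id) are taken from the page's snippet.

/**
 * Delete one case_register row by id.
 * Returns the number of rows deleted, or null when the id is rejected.
 */
function delete_case_register(PDO $conn, $rawId): ?int
{
    // 1. Validation: the value must parse as an integer >= 1.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejected input never reaches the database
    }
    // 2. Parameterized query: the value is bound, never spliced into SQL text.
    $stmt = $conn->prepare('DELETE FROM case_register WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// --- Constructed demo data (hypothetical rows) ---
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE case_register (id INTEGER PRIMARY KEY, title TEXT)');
$conn->exec("INSERT INTO case_register (title) VALUES ('A'), ('B'), ('C')");

// Constructed inputs standing in for $_GET['case_register_id'].
foreach (['2', '1 OR 1=1', '-5', 'abc'] as $input) {
    $deleted = delete_case_register($conn, $input);
    $left = $conn->query('SELECT COUNT(*) FROM case_register')->fetchColumn();
    printf("%-10s -> %s, rows left: %d\n", var_export($input, true),
        $deleted === null ? 'rejected' : "deleted $deleted", $left);
}
```

With mysqli, the same pattern is `prepare()` followed by `bind_param('i', $id)` and `execute()`.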