| عنوان | Online Graduate Tracer System bsitemp.php sql injection |
|---|
| الوصف | Online Graduate Tracer System bsitemp.php sql injection
url:admin/bsitemp.php
Abstract:
Line 243 of bsitemp.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
Explanation:
SQL injection errors occur when:
1. Data enters a program from an untrusted source.
2. The data is used to dynamically construct a SQL query.
In this case, the data is passed to mysqli_query() in bsitemp.php on line 243.
sqlmap.py -u "http://localhost/tracking/admin/bsitemp.php?id=111" --level 5 --risk 3 --current-db
Parameter: id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=111'+(SELECT 0x67437261 WHERE 6269=6269 AND (SELECT 8178 FROM (SELECT(SLEEP(5)))mMBg))+'
Download Code:
https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html |
|---|
| المصدر | ⚠️ https://blog.csdn.net/Dwayne_Wade/article/details/129522869 |
|---|
| المستخدم | bit3hh (UID 42576) |
|---|
| ارسال | 14/03/2023 05:04 AM (3 سنوات منذ) |
|---|
| الاعتدال | 14/03/2023 03:31 PM (10 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 222981 [SourceCodester Online Graduate Tracer System 1.0 bsitemp.php mysqli_query معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|