| Titel | SQL injection vulnerability exists in Video Sharing Website |
|---|
| Beschreibung | SQL injection vulnerability exists in email parameter of admin_class.php file of Video Sharing Website
Important user data or system data may be leaked and system security may be compromised
The environment is secure and the information can be used by malicious users.
When visit ajax.php and action parameter is ‘login’,it will include admin_class.php,and email parameter can do sql injection.
Payload:
email=0'XOR(if(now()=sysdate(),sleep(1),0))XOR'Z' AND (SELECT 1067 FROM (SELECT(SLEEP(5)))ygqa) AND 'Kaxl'='Kaxl |
|---|
| Quelle | ⚠️ https://github.com/E1CHO/cve_hub/blob/main/Video%20Sharing%20Website/Video%20Sharing%20Website%20vuln%202.pdf |
|---|
| Benutzer | SSL_Seven_Security Lab_WangZhiQiang_ZhangYing (UID 41874) |
|---|
| Einreichung | 14.04.2023 06:10 (vor 3 Jahren) |
|---|
| Moderieren | 14.04.2023 08:22 (2 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 225916 [Campcodes Video Sharing Website 1.0 admin_class.php email SQL Injection] |
|---|
| Punkte | 20 |
|---|